This article is from the source 'bbc' and was first published or seen on .
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-38327169
The article has changed 5 times.
Version 0 | Version 1 |
---|---|
Yahoo hack: Should I panic? | Yahoo hack: Should I panic? |
(35 minutes later) | |
Yahoo has said data from more than one billion accounts may have been hacked. | Yahoo has said data from more than one billion accounts may have been hacked. |
But should you be worried and what can you do to protect yourself in the future? | But should you be worried and what can you do to protect yourself in the future? |
"Don't panic," security expert Graham Cluley told the BBC, although he does add that there are plenty of reasons to be concerned. | "Don't panic," security expert Graham Cluley told the BBC, although he does add that there are plenty of reasons to be concerned. |
People might suppose the breach is unlikely to affect them because the attack happened three years ago and there was no widely reported abuse of the data in the meantime. | People might suppose the breach is unlikely to affect them because the attack happened three years ago and there was no widely reported abuse of the data in the meantime. |
However, hackers might have targeted users' emails. | However, hackers might have targeted users' emails. |
Yahoo has also said it is investigating a later, separate issue that might have made some accounts accessible without passwords. | Yahoo has also said it is investigating a later, separate issue that might have made some accounts accessible without passwords. |
"Your email account is the central hub of your entire online existence - if they own that they can ask for password resets on other accounts you have online as well," explains Mr Cluley. | "Your email account is the central hub of your entire online existence - if they own that they can ask for password resets on other accounts you have online as well," explains Mr Cluley. |
Plus, anyone using their account for work purposes - such as sending professional documents back and forth in attachments - could in theory become a target of industrial espionage. | Plus, anyone using their account for work purposes - such as sending professional documents back and forth in attachments - could in theory become a target of industrial espionage. |
Even if accounts could only be accessed with passwords, the way they were encrypted is less secure than more modern techniques, according to Mr Cluley. | Even if accounts could only be accessed with passwords, the way they were encrypted is less secure than more modern techniques, according to Mr Cluley. |
He adds that it is possible the data, including names, telephone numbers and dates of birth, will - or already has - become available to buyers on the dark net, although so far there has been no evidence of this. | He adds that it is possible the data, including names, telephone numbers and dates of birth, will - or already has - become available to buyers on the dark net, although so far there has been no evidence of this. |
Security expert and writer Brian Krebs said in a blog, "For years I have been urging friends and family to migrate off of Yahoo email, mainly because the company appeared to fall far behind its peers in blocking spam and other email-based attacks." | Security expert and writer Brian Krebs said in a blog, "For years I have been urging friends and family to migrate off of Yahoo email, mainly because the company appeared to fall far behind its peers in blocking spam and other email-based attacks." |
Yahoo has reassured its users: "We continuously enhance our safeguards and systems that detect and prevent unauthorised access to user account." | Yahoo has reassured its users: "We continuously enhance our safeguards and systems that detect and prevent unauthorised access to user account." |
Some may not think of themselves as Yahoo users but the firm provides some BT customers' email accounts. | |
"We are urgently investigating this with them," BT said in an online statement, in which it also advised those who had a BT Yahoo email account in August 2013 to reset their password. | |
It's also worth remembering that Yahoo acquired Flickr in 2005. | |
Yahoo has said, though, that accounts for Tumblr - which it also owns - would not have been affected. | Yahoo has said, though, that accounts for Tumblr - which it also owns - would not have been affected. |
What should you do? | What should you do? |
"Don't just change your Yahoo password," says Mr Cluley. | "Don't just change your Yahoo password," says Mr Cluley. |
That is the place to start, but once this password is changed, he also recommends changing your password on all other accounts you use and making sure that you use a different one for each. | That is the place to start, but once this password is changed, he also recommends changing your password on all other accounts you use and making sure that you use a different one for each. |
It sounds like a lot of bother, but security experts are increasingly recommending that people use a simple password manager program such as Password Chef, LastPass or 1Password. | It sounds like a lot of bother, but security experts are increasingly recommending that people use a simple password manager program such as Password Chef, LastPass or 1Password. |
Two-factor authentication allows users to verify logging in via, for example, entering a separate code sent to their mobile phone. | Two-factor authentication allows users to verify logging in via, for example, entering a separate code sent to their mobile phone. |
But the idea that online security stops with password management is outdated, says security expert Prof Alan Woodward at the University of Surrey. | But the idea that online security stops with password management is outdated, says security expert Prof Alan Woodward at the University of Surrey. |
"We're past that now," he says, adding that security professionals tend to enter fake information about themselves into online forms unless they can avoid it. | "We're past that now," he says, adding that security professionals tend to enter fake information about themselves into online forms unless they can avoid it. |
"I'm like the Queen, I have two birthdays, my online birthday and my real birthday," explains Prof Woodward. | "I'm like the Queen, I have two birthdays, my online birthday and my real birthday," explains Prof Woodward. |
"Do I give my real address? No - only for financial purposes like billing." | "Do I give my real address? No - only for financial purposes like billing." |
Yahoo accounts do allow users to see recent activity - for example, which computers were used to log in and where in the world they were located. Users can check this for any suspicious behaviour. | Yahoo accounts do allow users to see recent activity - for example, which computers were used to log in and where in the world they were located. Users can check this for any suspicious behaviour. |
If users do want to move away from Yahoo after recent breaches, news site The Parallax recently wrote advice on how to do this. | If users do want to move away from Yahoo after recent breaches, news site The Parallax recently wrote advice on how to do this. |