
Have a Yahoo account? It’s almost certainly been hacked – here’s what you should do now

Robin Bowman

Dec 15, 2016

Yahoo says over one billion of its user accounts have been hacked going back to 2013.

It’s the biggest single cyber hack in the history of the internet. The chances are if you have a Yahoo account, you’re a victim.

The internet company said this attack was separate to one in 2014 when half a billion accounts were hacked.

The company says names, phone numbers, passwords and email addresses were accessed, but not payment details.

It says that “an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts”.

Yahoo said it did not know how the stolen data had been obtained.

Among the information stolen were security questions and answers, giving hackers personal details such as names of pets, parents’ maiden names and memorable dates. 

All of this can be used to reset passwords and also to access other online accounts.

I'm a Yahoo customer, what should I do?

Unlike most cyber attacks, this one has taken a long time to come to light, which in itself raises some big questions about Yahoo’s security and what its security teams were doing that they didn’t notice this attack.

Usually, an internet company will quickly notice it’s been attacked and warn users.

First, assume your details were stolen because the odds are they were.

Changing your password is the first thing you should do, but it’s perhaps just as important to change the passwords and security details of your other accounts.

If hackers were going to use your Yahoo account for malicious purposes, they would probably have done so by now.

But for many people, there will be a cross-over of some information between a person’s Yahoo account and others – maiden names and pets’ names, and other second-layer security data will be used on multiple accounts.

So, it’s essential that Yahoo account holders review these on other accounts and update and change where necessary.

Remember, too, that passwords are not enough. Activate two-step security on all accounts where it’s available. This usually involves receiving a text with a unique code that’s required each time you log in to an account from a new location or device.

Be alert – this is just a new wake-up call to treat everything you receive electronically with huge suspicion. Any attachment, any link should be viewed as potentially harmful, even if sent from a familiar address.

Remember, your contacts will have been accessed. So, slowing down when dealing with emails is a useful habit. Take time to look at the contents of an email you think is legit. Does it really read as though it’s from the person it says it’s from?

If in doubt, do not open that attachment, and do not click that link.

Create long and complex passwords … but also ones you can recall.

Use nonsense phrases that mean something only to you, with upper- and lower-case letters, and then add a number that has a meaning only to you.