If you have a Yahoo account, it’s imperative you act quickly to ensure it, and your other internet services, are secured.
Information including names, addresses, secret answers and passwords was stolen from Yahoo at some point in late 2014 and showed up for sale on the dark web in August this year. Yahoo says the “vast majority” of passwords were secured using an algorithm called bcrypt, which renders it impractically expensive for an attacker to try to break, but the company has not given any way of checking which passwords were in the minority not protected that way. Until they do, you should assume your password is unprotected, and act accordingly.
That means logging into your Yahoo account, and changing the password, as well as checking for any signs of misuse: new contacts, auto-forwarding rules or alternative email addresses, for example.
It also means changing the security information for any account that used the same passwords or security answers as your Yahoo account. Yes, this means if your Yahoo account used your mother’s maiden name, you are safest if you start using a different security question, or a different mother.
This advice doesn’t just apply to the people who had a Yahoo webmail account. A number of other popular services shared Yahoo logins, most notably BT Internet’s webmail service, and online photo storage service Flickr. Former users of other Yahoo properties including social bookmarking service Del.icio.us may also have Yahoo accounts without being aware.