Yahoo Now Says 3 Billion User Accounts Were Hacked In 2013 Data Theft

All of our content is written by humans, not robots. Learn More
By
&
Aliza Vigderman
Gabe TurnerChief Editor
Last Updated Aug 5, 2021
By Aliza Vigderman & Gabe Turner on Aug 5, 2021

Yahoo has had its fair share of data breach issues in recent years, and its most notable incident, the monstrous 2013 data breach that was reported to give hackers access to data from one billion accounts, was actually underestimated. The company now believes all three billion of its user accounts at the time were affected by the hack, according to an announcement1 on October 3rd, 2017. To be clear, this is not a new hack, just an update on the figures of the 2013 hack. Yahoo is basing the updated information on new intelligence and further investigation into the breach. New email notifications are being sent to the remaining affected user accounts, Yahoo claims. Yahoo’s 2013 breach involved sensitive user information such as:

  • Names
  • Telephone numbers
  • Birthdays
  • Security questions and answers

Considering how similar many security questions are on websites across the internet, this made the breach even worse.

The Equifax Hack: What You Need To Know

Yahoo isn’t the only company announcing an increased number of hacked accounts in recent days. Equifax also recently confirmed2 that an additional 2.5 million additional U.S. customers were “potentially impacted” by the firm’s recent data breach. The review also determined that roughly 8,000 Canadian consumers were affected by the breach. We offered further information in the aftermath of Equifax’s breach, and that advice still stands.

How To Protect Your Hacked Accounts

So, what do you do if you have a Yahoo or Equifax account? Although your information has been exposed, there are a number of steps you can take to safeguard your accounts and regain control.

Change Your Password

If you have a Yahoo account, you’ve likely changed your password since then, possibly even a number of times. But if you haven’t, or if it will make you feel more secure, it makes sense to change your password once again. Further information on the hack and subsequent responses can be found on Yahoo’s 2013 Account Security Update FAQs page.3

Add Two-Factor Authentication

Both Yahoo and Equifax offer their customers two-factor authentication, which means that when they log into their accounts, the companies will send passcodes to their mobile devices. Not only will the customer need their username and password to log in, but also this passcode, which prevents unauthorized access. Even better is multi-factor authentication, which requires fingerprint or face ID in addition to written credentials.

Change Your Security Questions

Along with your password, change your security questions and answers, ideally making them unique to your Yahoo or Equifax accounts. Try to make the questions surround something that only you know and something that’s not available anywhere else online. For example, you shouldn’t use the question “What is your mother’s maiden name?” if your mother’s Facebook page displays this information.

Install Identity Theft Protection

Finally, as a safety net, we recommend that you subscribe to any identity theft protection service that will monitor multiple areas for your personally identifiable information, such as:

  • Dark web
  • Credit bureaus (including Equifax, TransUnion and Experian, which has its own identity
  • theft protection service called Experian IdentityWorks)
  • Sex offender registries
  • Tax returns
  • Bank account takeovers
  • Pay-day loan requests

The service will also monitor other key criminal and financial areas. Most of these services also include identity theft insurance with maximum reimbursements of $1 million. While no service can guarantee detection or prevention of identity theft, the insurance will help you recover any lost funds and restore your identity.

Citations
  1. SEC. (2017). Yahoo Provides Notice to Additional Users Affected by Previously Disclosed 2013 Data Theft.
    sec.gov/Archives/edgar/data/732712/000073271217000003/a2017_10x3xoathxexhibitx991.htm

  2. Equifax. (2017). Equifax Announces Cybersecurity Firm Has Concluded Forensic Investigation Of Cybersecurity Incident. investor.equifax.com/news-and-events/press-releases/2017/10-02-2017-213238821

  3. Yahoo. (2013). Yahoo 2013 Account Security Update FAQs. help.yahoo.com/kb/account/SLN28451.html?impressions=true