Second Yahoo Account Breach

In September we shared a warning of a 2014 breach of Yahoo accounts that was discovered this year. On December 14, Yahoo announced that over 1 billion accounts might have been compromised in a separate attack in 2013. As with the previous attack, Yahoo warns, the account information may have included names, email addresses, telephone numbers, dates of birth, encrypted passwords, and, in some cases, security questions and answers.

Yahoo will contact the owners of all affected accounts, but since the breach occurred three years ago, it may not have current contact information for everyone who was affected. If you had a Yahoo or Yahoo web properties account (Tumblr and Flickr, for example) in 2013, we recommend that you take the following steps:


  • Review the security questions associated with your Yahoo accounts and change your answers. Do the same for other accounts for which you used the same questions and answers.
  • Change the password to your Yahoo accounts and any other accounts that may use the same password.
  • As always, carefully watch activity on your online accounts and look for transactions that are unfamiliar.
  • Set up two-factor authentication on any site that provides that option.

Note: The fact that you may not use the account frequently or your account is inactive doesn’t mean that the information wasn’t stolen.

More on this story from The New York Times.


Questions? Comments? Email [email protected] or call 212 217.HELP (4357).