Yahoo has confirmed that the personal information of at least 500 million users has been stolen – in what might be one of the largest hacks on record.
The data breach took place in 2014, but has only been made public now. The company believe that the information was stolen by a "state-sponsored actor". The data taken includes names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card information.
To make sure you know how to protect yourself if you have (or did have) a Yahoo account, we're going to take you through what to look out for.
Has my account been hacked?
Customers who may have been affected are being contacted by Yahoo via email – the internet firm has provided the email contents so you can check you're being contacted by them.
It's not just Yahoo users that could be impacted by this hack, but BT and Sky customers as well. Both of the internet companies have used Yahoo email services to power their own, meaning that the information of BT and Sky customers might be compromised.
It doesn't stop there. Yahoo owns a number of different companies and provides a variety of services, meaning that customers of Flickr, Tumbler, or Yahoo Sports might be affected too.
In total, it's believed that around eight million UK users could be affected in the UK.
How can I protect myself?
The advice coming from Yahoo to anyone that's affected or believes they might be, is to immediately change their password, and security questions and answers.
If you use the same password for a number of different accounts including thinkmoney’s Online Account Management, you need to make sure you change these too. A strong password contains a mix of lowercase and uppercase letters as well as numbers and symbols – so try to use a combination of these.
If you find it difficult to remember all of your various passwords, try using an acronym for each. For example, the well-known song The Greatest Love of All becomes TGLOA. Include a mixture of cases, add a memorable number and symbol and you could get something like this: TgLoA!01
Keep an eye on your account for any suspicious activity. You should contact your bank or credit card company (or alternative provider like thinkmoney) so they can monitor your account for you.
Here at thinkmoney, we'll text you on the mobile number we have for you if we spot anything that we think looks suspicious. If the transaction is genuine just text back "YES" but if you don't recognise it text back "NO" and we'll stop your card from being used.
Opportunistic fraudsters can often try to take advantage of these types of situations – only last year, there was a number of fraudsters pretending to be from TalkTalk after the telecoms firm was hacked. So be cautious of any emails you receive, or phone calls asking for personal information (such as bank details or passwords). Don't click on any links or download attachments in unsolicited emails.
Think you've already become a victim of a scam related to this hack? You can report it to Action Fraud and get a policy crime reference number.