NAIROBI, KENYA: Security firm Sophos has warned Internet users against using the same password for multiple Yahoo accounts.
Yahoo disclosed a new security breach in the middle of this month that may have affected more than one billion accounts. The breach dates back to 2013 and is thought to be separate from a massive cybersecurity incident announced in September.
Yahoo now believes an "unauthorized third party" stole user data from more than one billion accounts in August 2013. That data may have included names, email addresses and passwords, but not financial information.
Security firm Sophos has prepared the following “best practices” to help guide people who think they may be affected by this new disclosure of a Yahoo data breach.
Being aware of any data breach is important because many people use the same password for multiple accounts. Even data breaches from several years ago could still impact you today.
For Yahoo users and all computer users, Sophos advises these six steps as “best practice” for protecting personal data and pre-empting potential fallout from any data breach:
Consumers need to be aware of targeted phishing scams, socially engineered attacks that cybercriminals use to lure people into clicking malicious URLs with malware. This is extremely important now that personally identifiable information (PII) is in the wild as a result of this breach.
Change your Yahoo password and security questions immediately, especially if you use them on multiple accounts. As a rule of thumb, don’t use the same security questions and answers for all of your accounts.
Make all new passwords different and difficult to guess. Cybercriminals are now using tools that sniff out passwords reused on other, more valuable sites to make their work easier and to make the stolen passwords and other hacked data more lucrative on the dark web.
Include upper and lower case letters, numbers and symbols to make passwords harder to crack - refer to the Sophos How to Pick a Proper Password video for creating stronger passwords.
Don’t trust password strength meters - these are unreliable and inaccurate.
In general, it’s always good practice to update your passwords, password manager and security questions if you hear of a potential data breach that might affect you.