Latest Consumer Alert
September 23, 2016
Company discloses 2014 breach of more than half-billion accounts
Attorney General Tom Miller urges Iowans with Yahoo accounts to review other usernames, passwords and security questions they may use, in the wake of the company’s announcement of what may be one of the largest data breaches ever.
“We’re concerned about Iowans who may use the same username, password or security information for multiple accounts,” Miller said. “If criminal hackers obtained information you use to access your Yahoo account and you use that same information to access other accounts, it could enable them to hack into other accounts you use or sell that information to other criminals.”
On Thursday Yahoo publicly disclosed the massive cybersecurity breach of more than 500 million user accounts that occurred in late 2014, suggesting a “state-sponsored actor” is responsible. The compromised information “may,” according to the announcement, include names, email addresses, telephone numbers, dates of birth, hashed passwords (a form of encryption that mathematically transforms passwords) and, in some cases, encrypted or unencrypted security questions and answers. The company indicates that the breach did not include financial information.
Yahoo Users Urged to Change Information Related to Account Access
Yahoo users, particularly those who have not changed their password since 2014, should change their password and personal information—including security questions and answers—provided to verify an account. Users should also change identical information used to access other accounts.
Users should also monitor their financial statements, especially if they used identical information to access other accounts.
The Consumer Protection Division provides identity theft information on the Attorney General’s website at IowaAttorneyGeneral.gov.
Protecting Your Passwords
Strong passwords, and passwords that are unique to each account, provide better protection from hackers and malicious software.
- Create a password that is unique to each account, and change it periodically.
- Passwords should contain at least eight characters (the longer the password, the more secure). They should contain upper case letters, lower case letters, numbers, and non-alphabet symbols. For example, if you owned a cat named Tiger, “Tiger1” would be a weak password. “*McTh9L@H!” would be a much stronger password (short for “My cat Tiger has nine lives at home”).
- Don’t use plain words you’d find in the dictionary, common names or names of family members, pet names, or favorite things like sports teams or hobbies.
- Make sure that when you change passwords, the new ones are completely different from the old ones.
- Don’t write down your passwords and store them at your computer or stick them to your monitor. Store them in a safe place.
Consider using a secure password manager. Password managers allow you to create and store highly secure passwords, and you only need to remember one password.
For past consumer alerts, click here.