This week, Yahoo suffered the biggest security collapse in its entire corporate history, with literally billions of user accounts reportedly compromised in an extensive hack. The news broke on Tuesday, and since then, plenty of Yahoo users have surely been wondering: did the Yahoo data breach affect me? Was my account compromised, like so many others were? And if so, of course, what can I do?
Well, here's a simple way of figuring out the answer: did you have a registered Yahoo account in or prior to mid-2013? If the answer is yes, then congratulations, because your detective work is over. According to the company, some three billion accounts were hacked, which amounts to every Yahoo account in existence at the time the 2013 breach occurred.
Back in December of 2016, Yahoo acknowledged the hack, stating that "more than one billion user accounts" were compromised. That was a true statement ― three billion is definitely more than one billion ― although as it's now been revealed, it sold the true magnitude of the situation pretty short. In reality, basically anyone who had an account when the hack went down had their data breached, so if you fall under that group, well, so was yours.
Now, to be clear, this doesn't mean that three billion people have had their data comprised. That would require that every person with a registered Yahoo account only had one, and that's simply not the case. In other words, if you have two or three different accounts for different purposes ― a personal account, and anonymous burner account, and a professional account, say ― then you've been hacked three times, but only one person's data has been compromised.
According to a United Nations report from late last year, about 47 percent of the global population now uses the internet, which would amount to approximately 3.5 billion internet users worldwide. The question, in other words, is how many of those people actually had Yahoo accounts, and how many Yahoo users had multiple accounts.
Regardless, the breach poses serious online security risks, and not just for the specific accounts that were compromised. That's because, contrary to the advice data security experts have been dishing out for decades now, many people continue to use the same passwords across multiple accounts, making one hacked account a potential threat to them all.
In short, if you're one of the people affected by this hack ― which is to say, someone who started using Yahoo prior to 2013 ― you're going to want to change the password on your account (or accounts) immediately. This would also be a great time to brush up on your password practices, if you've been negligent or casual about them in the past.
For instance, don't be one of those people who uses a rudimentary, easily guessed password, like all the folks who're still using ones like "password," or "123456," or something similarly easy to hack.
If you're looking for some help generating strong passwords, you might consider making use of a random password generator or manager, one that'll spit a random, lengthy combination of upper and lower-case letters and numbers at you.
And remember: in this day and age of digital vulnerability and online hacking, if you're worried about forgetting your password, even the old analog system of writing it down someplace is a better idea than just using one password for everything. If you simply write your passwords out on a physical sheet of paper, and put it somewhere secure and out of sight in your home ― say, in a desk drawer ― you can be reasonably assured it won't be hacked. Burglarized maybe, at which point you'd have to quickly change your passwords. But there's no such thing as guaranteed security, after all.