Yahoo Breach May Leave Me Vulnerable to Identity Theft

August 1, 2012

Even though I’ve been writing about data breaches and identity theft in general for the past four years, I never really thought it would happen to me. Dunt dunt duh … until that fateful day two weeks ago. I tried to log into my Yahoo account, just like I have pretty much like clockwork for the past ten years. I typed in my password, and instead of being greeted by dozens of junk mails like usual, I was greeted with a pop-up window and the question, “Where did you spend your honeymoon?” Since I never went on a honeymoon, I found this to be quite confusing.

I called up Yahoo customer service and asked the helpful representative what was going on. She said I needed to answer this security question to be able to get into my account. I wondered why, but got nothing conclusive in this conversation, so I decided to do some research. Turns out, someone hacked into Yahoo’s network and gained access to over 450,000 user names and passwords. And I was one of the lucky ones. I wrote for Associated Content years ago, which was later acquired by Yahoo, and I ended up with my entire profile in the network being compromised.

The best thing is that Yahoo never notified me – and instead just upped my security settings. Who knows how many people may have had their accounts used by identity thieves and not even be aware of it? These could have included not only Yahoo email accounts but also those with other web-based and non web-based services.

It’s also rumored that Yahoo never took the time to encrypt the passwords, so it was super easy for the hackers to access them. Even if users took the time to create complicated and secure passwords, it wouldn’t have made any difference. However, it is interesting to note that some of the most common were still PASSWORD, QWERTY and 123456. Yep; people take a long time to learn.

So what to do in a situation like this one? Update your passwords at least once per month, and don’t use the same passwords for all of your accounts. If you have trouble remembering passwords, you’re going to have to come up with some kind of mnemonic to help you. One thing that I find to be helpful is to associate my passwords with some kind of symbol or song. Of course, I’m not going to tell you exactly what I do because I would have to give away my password. That’s another important thing. Always keep your passwords to yourself. There’s enough of them getting out that you don’t have to do so voluntarily.