Yahoo hack: What to do if your password has been stolen

The company has suffered the biggest data breach in history

Aatif Sulleyman
Wednesday 04 October 2017 13:11 BST
Yahoo Mail logo is displayed on a smartphone's screen in front of a code in this illustration taken on October 6, 2016 (Reuters)

A staggering three billion Yahoo accounts have been compromised and, if you’ve been affected, you need to take action as soon as possible.

The hack, which took place in 2013 and is the biggest of all time, exposed the name, email address, password, date of birth and phone number of every single Yahoo account holder at the time.

Fortunately, it’s easy to find out if your personal details have been stolen.

The website Have I Been Pwned? has a search tool that lets you quickly and easily check if you have an online account that has been breached.

Simply type your email address into the search bar and hit the Pwned? button to find out. The site also offers a Notify Me alert, which automatically contacts you when it finds out your account has been compromised.

If any of your accounts have been breached, you need to update your passwords immediately.

The hackers will try to use your stolen login details to break into not just your Yahoo account, but any others you have that use your Yahoo address.

It’s therefore crucial to ensure you use different passwords for different websites and services. Doing so will make it much harder for cyber criminals to breach your security.

If you struggle to remember multiple passwords, you can use a password manager, such as LastPass. However, it’s important to note that LastPass itself suffered a security issue earlier this year.

What's imperative, however, is that you avoid using passwords that are easy to guess, such as Password1 or qwerty123.

You can strengthen your password by combining words, numbers and punctuation, or by abbreviating a phrase you find easy to remember, and capitalising some letters.

It’s also worth deleting any old email addresses and accounts you no longer use, since keeping them open increases the likelihood of being attacked.
