Yahoo’s Second Data Breach

Yahoo’s Second Data Breach

After one of the biggest cybersecurity breaches in history, it is reported that Yahoo hack is even worse than originally believed. According to the estimates, nearly 1 billion Yahoo accounts were breached, compared to last year’s 500 million breached accounts report.

Yahoo data breach

What hackers can do with your Yahoo credentials

Hackers who stole the information from Yahoo servers now have your name, password, answers to your security questions, and any other personal data you provided in your profile. This information could be used for so-called “credential stuffing” when your username/password pair is used to get access to other user accounts. This means hackers can access a massive portion of your digital life, beginning with your personal blogs or websites, and ending with your Facebook account and online banking – everything is at risk if you had the same username/password for all your accounts.

How does credential stuffing work?

  • Attackers obtain your credentials
  • They then use an account checker script that tries to log in to the websites using stolen pairs credentials
  • If successful, hackers steal or use breached accounts for their own purposes (i.e. identity theft, credit card fraud, spam, or stealing everything that can be used or sold).

Most people have used their email to send copies of their ID; having all your credentials and ID scans, hackers can do anything. A perfect example is building websites for selling drugs, guns or other illegal goods on your behalf. Another common use for stolen credentials is pfishing—hackers build copies of popular websites, asking you to update your profile, giving you the stolen information to make you believe this website is real and contains your data.

How to know if your Yahoo account is compromised

The Yahoo team sent security emails following the last security breach reported in September. This breach is no different. Yahoo security sent special emails advising people to change their credentials and security questions in order to harden their data security level.

However, the problem is that these security questions are common on many websites and you have to spend hours trying to identify and fix accounts with the same security questions. The other problem is that hackers already know at least a few combinations of security questions and answers, preventing you from using them in the future (e.g. your cat’s name, the model of your first car, or the city where you were born).

How to make your Yahoo account more secure

If you remain a loyal Yahoo user, there’s not much you can do to prevent security breaches in the future. However, there are few things you can do to strengthen your data security level.

The first step anyone with a Yahoo account should take is changing the password and security questions. You can use any desktop password manager to create a strong and unique password that will only be used for your Yahoo account. In addition, you can delete or change certain information you no longer want to store in Yahoo account, such as your address or date of birth. Remember one simple rule–the less data you have online, the more it is protected.

At Akruto, we value data security. If you are an Outlook power user and concerned about securing your data after the Yahoo data breach, we recommend you try AkrutoSync. With AkrutoSync your Outlook data is never stored on any 3rd party server, making it impossible to hack or compromise your sensitive information. Check out our guides on how to sync Outlook with Android and iOS.

Is it time to say goodbye to Yahoo?

The two largest data breaches in history reported within a six month period has already pushed away thousands, if not millions, of Yahoo users. Taking into account Yahoo’s financial problems, lack of innovation and, most importantly, data security issues, we believe people should consider Yahoo alternatives and migrate if they don’t want to risk this situation again.

Yahoo alternatives to consider after a data breach

After a billion accounts were compromised, many people began looking for a safe alternative to Yahoo to host their data. The most secure alternative for individuals is to migrate from Yahoo to Gmail or Although keeping your personal data in the cloud is not 100% safe, these solutions appear far more secure compared to Yahoo at the moment.

For business owners we recommend switching your email to dedicated providers or setting up servers on the premises, which will give you better control over your data.

Share this post

No Comments

Join the discussion