Barely a week seems to go by without a report of hacking or theft of data. Here’s a rundown of what to do if your email address is hacked and if other details have been stolen.
Latest Yahoo hack (14.12.16)
Yahoo has confirmed that over one billion (yes, billion) customers’ details were stolen in a hack in 2013. This seems to be separate to the half billion users’ details stolen in a hack in 2014. Yahoo released details of this hack in September. The information stolen this time round includes names, email addresses, dates of birth and encrypted and unencrypted security questions and answers. The hackers also got away with passwords but these were encrypted and hashed. ‘Hashed’ means that they cannot be unencrypted, or if they can, it’s likely to be so expensive that it’s not worthwhile.
You can read some information about the data breach on Yahoo’s US website.
Yahoo is contacting people it believes were affected through emails and possibly a prompt when you next log in. So, if you’ve not used your Yahoo email account for some time, I’d recommend you log in so that you can see whether or not you’ve been affected.
This is what Yahoo recommends you do if your email address is hacked:
- Change your password and security questions and answers for any other accounts on which you used the same or similar information as your Yahoo account.
- Review your accounts for suspicious activity. If there’s anything out of the ordinary, contact Yahoo.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
SAVVY TIP: They’ve also published a list of frequently asked questions. These have some information about the data that’s been stolen and how you can reset your password. As an alternative to using a password, you can sign up to Yahoo Account Key, which means that you just need to sign in with your user name and then use the authentication key that’s sent to your mobile.
What to do if your email address is hacked
If a hacker ‘only’ takes your email address and, for example, encrypted and hashed passwords, there’s a limit to what they can do. However, it’s different if you use this password for other accounts. That’s especially true if valuable information is stored by these other websites.
SAVVY TIP: It’s hard to use different passwords for each account if you have lots of different ones, but it’s such a good security habit to get into. Don’t keep a record of your passwords on your computer because that could be compromised by malware. Instead, you could write them down in a paper notebook – in some sort of code, unless you leave the notebook safely at home.
If you have a unique password for each account, you might find yourself on the receiving end of more spam and phishing emails than before. However, the hackers would need more information than this to, for example, apply for loans in your name.
SAVVY TIP: If you find out that financial details or a lot of personal information is stolen, such as your address, date of birth and full name, you should check your bank statements. Do this after you’ve changed your password if you bank online. Next, request a copy of your credit reference file, which you can do online for just £2. Contact all three credit reference agencies, Equifax, Experian and Call Credit. Call Credit operates a credit report service called Noddle, where you can see your credit report free for life. There’s information on How to get hold of your credit report and why you should in the section called ‘Everyday Money’.
Choosing strong passwords
Determined ID fraudsters can use computer programmes to work out your password. It’s nothing more sophisticated than trying every word in the dictionary against your password. This includes country and place names as well as recognised words. Even if they only manage to access a small number of email accounts, they can then use these accounts to set up others.
Choose your password carefully. I met with a web security whizz who told me – amazingly – that some people use obvious words like ‘password’ as their password. If you want to make life difficult for potential ID fraudsters, use two or three unrelated words joined together as your password.
SAVVY TIP: If your password is ‘banana’, this can be cracked relatively easily by ID fraudsters if they have your email details. Even if you change some letters to numbers, so it reads ‘ban8na’, you’re unlikely to defeat them, as they buy software programmes with dictionaries where numbers are substituted for letters. A stronger password would be something like ‘bananadesk’. This is because it would take fraudsters such a long time to run through all the possible two-word combinations that they may not bother. If your password is something like desk752, that’s also strong because it’s effectively two words.
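The distinction drawn above, as an added example that is not part of the original article: a short Python check for vetting a password you are about to choose. It treats a dictionary word as weak even after look-alike digits are turned back into letters, and counts how many separate parts (words or runs of digits) a password is built from. The word list, the substitution table and the function names are small constructed samples, not a real dictionary or tool.

```python
from itertools import product

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"banana", "desk", "password", "london", "france"}

# Characters commonly swapped in for letters (assumed table; '8' -> 'a'
# covers the article's 'ban8na').
SUBS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "8": "ab", "@": "a", "$": "s"}

def letter_variants(password):
    """Every string obtained by turning look-alike characters back into letters."""
    choices = [ch + SUBS.get(ch, "") for ch in password.lower()]
    return {"".join(combo) for combo in product(*choices)}

def count_parts(text):
    """Fewest dictionary words and digit runs that make up text, or None."""
    best = [0] + [None] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            piece = text[start:end]
            if best[start] is None:
                continue
            if piece in WORDS or piece.isdigit():
                candidate = best[start] + 1
                if best[end] is None or candidate < best[end]:
                    best[end] = candidate
    return best[len(text)]

def assess(password):
    """Return (label, parts) for a candidate password."""
    pw = password.lower()
    if pw in WORDS:
        return ("single word", 1)
    if any(variant in WORDS for variant in letter_variants(pw)):
        return ("single word with substitutions", 1)
    parts = count_parts(pw)
    if parts is None:
        return ("not built from listed words", None)
    if parts < 2:
        return ("digits only", parts)
    return ("multi-part", parts)

if __name__ == "__main__":
    for candidate in ["banana", "ban8na", "bananadesk", "desk752"]:
        print(candidate, assess(candidate))
```

A password labelled "single word" or "single word with substitutions" falls to one pass through a dictionary, while each extra part multiplies the number of combinations that would have to be tried.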
Never use one password for all your accounts. These days many of us have so many online accounts that it’s easier to use one password for all of them. However, it’s much safer to use separate passwords (or variations of existing ones) for your accounts.
Be vigilant for spammers
A few years ago phishing and spam emails were decidedly amateur affairs. But today they’re much more sophisticated. It’s true that 99% of people may ignore them but the 1% who are taken in can prove lucrative.
- Watch out for spam and phishing emails. Don’t click on any attachments — and double check them even if they’re from names you know (such as HMRC, your bank or recognised software providers).
SAVVY TIP: Spam or phishing emails can be very convincing. But clicking on one can mean you install malicious software that’s designed to steal passwords. If you think you may have been hacked, run an anti-virus scan. Use a different anti-virus company to your regular provider, but be careful about the free anti-virus software you choose. Some of these may not be genuine.
Keep your mobile data safe
If someone else loses your personal details or they’re hacked, there’s not much you can do about it. However, you can make sure your data is as safe as possible on your PCs, mobile phones and other devices.
- Don’t sell your mobile phone/PC without clearing the data. A recent survey found that half of mobile phones sold on eBay and in second-hand shops had sensitive data on them. They only tested 35 phones so it was a pretty small sample, but the results are still worrying. Some phones had credit card data and passwords on them. It’s not enough simply to delete the data as it will still be present on the phone.
SAVVY TIP: To get rid of data completely, you should restore the phone to its factory settings — and don’t leave your SIM card in the phone when you sell it.