Many years ago Yahoo users fell victim to one of the largest data breaches in internet history. Names, passwords and email addresses for every single customer account on the company’s servers were exposed in a cybersecurity attack. This attack was very sophisticated – three billion users across multiple services under Yahoo’s umbrella were left vulnerable as a result of the hack. In late 2017 the complete details surfaced after Yahoo’s parent company was made aware of the nature of the attack.
Whether you use services such as Yahoo Mail, or providers such as Microsoft, Google and Apple, you should be aware of the security of your own email address. After all, your email may be the single most important digital asset you own. It typically holds communication related to your professional networks and personal relationships, along with credentials for every other digital service for which you’ve signed up. All of this data can be used for identity theft, financial fraud and blackmail, or as a vehicle for spam. While there are safeguards you can implement to deter cyber thieves from accessing your personal account, in a severe breach these best practices may not be enough to prevent your email account from being hacked.
If you suspect that you have been targeted, quick action on your part is always required to prevent further damage. If you are in the office, communicate with your IT Administrator immediately. If you are at home, either contact an IT professional or follow these steps to try and recover your compromised email account. (Remember, in a widespread and very severe breach, these best practices may not be enough to recover your account, and there may be future damages to recover from.)
Try to change your password. You will need to verify whether your email address is still accessible. Most hackers will immediately change your password to prevent you from using your account. If you are able to secure entry before this has been done, you can reduce the threat of further attacks.
- Make sure your new password differs completely from your last one, and don’t reference any easily guessed personal details such as your birthday or your pet’s name. Ideally, your password should be at least 10 characters long, and it should include a special character and number.
- In addition, you should look to change your answer to any secret questions used in the account recovery process. After doing so, confirm that the alternative email addresses and phone numbers associated with your email account have not been changed.
- If you are having trouble regaining control of the account, visit your mail provider’s site for instructions on recovering your account. Apple, Google, Microsoft and Yahoo all have guides on their sites, as should other email and internet service providers.
Email everyone on your contact list including business associates, family members and friends about the breach. Next, get in touch with your email provider and report the details. Not only will this alert them to future infiltration attempts, but they may also be able to provide you with further details about the incident and where the access attempts came from.
If you feel sensitive information like bank records has been compromised, you should reach out to a credit reporting agency and have them track your personal credit activity in the months following the incident.
Your account may have been hacked through malicious software, so scan your computer for malware and viruses with a security program. You should also update your computer and devices with the latest security updates.
Recover Your Account. If you cannot access your account using your old password, then you will need to put in some extra effort before you can recapture sole control of your email address. Start with the “forgot your password” option and check out the recovery options available. It may be as simple as sending an email to an alternative account or a text message to your mobile phone to regain control.
If these options are not available, or you do not have access to your alternative accounts, then you will need to browse through the help center for your email provider for other means of securing access. In worst-case scenarios you might be forced to contact customer service from your provider.
Check Your Email Settings to make sure nothing has been changed. Keep an eye out for any changes made to your email settings and reset them back to your preferences. Possible issues you should be aware of include:
- An unfamiliar forwarding address added to your email
- A new “reply to” email address that tricks your contacts into sending their replies to a different account
- An enabled auto-response option, used to send out spam messages to your contacts
- Malicious links added to your email signature
Once you have reset any changes to your settings, look at your sent folder to see if the hacker sent out any sensitive information found in your email history.
Change Passwords for Other Accounts. If you are using the same email and password for multiple accounts, get to work changing your login credentials for these services as soon as possible. This would be a good time to choose unique passwords for each service. Scan your email inbox and trash folders for any password reset messages. Most hackers can identify other websites that make use of your primary email address. Once they have figured that out, it is simply a matter of sending a password reset link, and you suddenly have a plethora of compromised accounts on your hands. Make sure to reset login credentials for any similarly breached logins.
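The inbox-and-trash scan for password reset messages can be scripted once the folders are exported; the following is an added example, not part of the original article. The subject phrases, the function name and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from collections import defaultdict
from email.utils import parseaddr, parsedate_to_datetime

# Subject phrases that commonly mark account-recovery mail (assumed list; extend as needed).
RESET_RE = re.compile(
    r"password reset|reset your password|verification code|recover your account",
    re.IGNORECASE,
)

# Constructed sample messages standing in for an exported inbox and trash folder.
SAMPLE_MESSAGES = [
    ("inbox", "From: Example Bank <no-reply@bank.example>\n"
              "Subject: Reset your password\n"
              "Date: Tue, 03 Oct 2017 02:14:00 +0000\n\nUse the link to reset.\n"),
    ("trash", "From: Shop <security@shop.example>\n"
              "Subject: Password reset requested\n"
              "Date: Tue, 03 Oct 2017 02:16:00 +0000\n\nUse the link to reset.\n"),
    ("inbox", "From: Alice <alice@friend.example>\n"
              "Subject: Lunch on Friday?\n"
              "Date: Mon, 02 Oct 2017 12:00:00 +0000\n\nSee you then.\n"),
    ("trash", "From: Example Bank <no-reply@bank.example>\n"
              "Subject: Your verification code\n"
              "Date: Tue, 03 Oct 2017 02:15:00 +0000\n\nCode enclosed.\n"),
]

def find_reset_messages(messages):
    """Return {sender_domain: [(folder, date, subject), ...]} for reset-style mail."""
    hits = defaultdict(list)
    for folder, raw in messages:
        msg = email.message_from_string(raw)
        subject = msg.get("Subject", "")
        if not RESET_RE.search(subject):
            continue  # ordinary mail, not an account-recovery message
        _, addr = parseaddr(msg.get("From", ""))
        domain = addr.rpartition("@")[2].lower() or "(unknown sender)"
        try:
            when = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            when = None  # missing or malformed Date header
        hits[domain].append((folder, when, subject))
    return dict(hits)

if __name__ == "__main__":
    # Each domain listed is a service whose login should be reset and reviewed.
    for domain, found in sorted(find_reset_messages(SAMPLE_MESSAGES).items()):
        in_trash = sum(1 for folder, _, _ in found if folder == "trash")
        print(f"{domain}: {len(found)} reset message(s), {in_trash} in trash")
```

Reset messages you did not request, especially ones already sitting in the trash, point to the services whose passwords should be changed first.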