ShortList is supported by you, our amazing readers. When you click through the links on our site and make a purchase we may earn a commission. Learn more

Got a Flickr or Yahoo account? You're going to want to change your password

Some 500 million account details have been stolen by hackers - here's what you should do

Got a Flickr or Yahoo account? You're going to want to change your password
23 September 2016

Yahoo has confirmed that some 500 million user account details have been stolen by what they describe as "a state-sponsored actor".

The internet company explains that in 2014 a large amount of user details - including names, email addresses, telephone numbers, dates of birth, hashed (partially protected) passwords and some security questions - were stolen from its network.

It's thought to be the largest hack of its kind, and even has the potential to destabilise a multi-billion dollar merger deal with US telecom group Verizon - but you don't care about Yahoo's woes, you want to know if you're at risk, right?

Am I affected by the Yahoo hack?

If you've got a Yahoo account that existed before late 2014, or haven't changed your password since 2014, there's a very good chance your data was stolen in the security breach. Yahoo will be emailing every potentially affected user by email and will be posting further security details to its website

Yahoo accounts are also linked to many Flickr accounts - the popular imaging service owned by Yahoo. The company has said that "some" Flickr account users will have been affected, but hasn't stated how many. To be on the safe side, you're going to want to change details associated with your Flickr account as well. 

As for Yahoo's other big web service, Tumblr, you're apparently in the clear: "The systems from which the data was stolen contained no Tumblr user data at the time of the theft" writes Yahoo.

What should I do?

Foremost, change the password of your Yahoo account. Right. Now. Then, set up two-step verification for your Yahoo account: this system will notify you on a phone number or separate email account if someone is attempting to access your account, sending you an extra code that's required before you (or someone else) can get onto your account. You'll also want to change your security questions. 

Then, have a good hard think about any other accounts you've got that shared the same email and password as your Yahoo account. As the stolen details included telephone numbers and dates of birth, all this data represents a high risk of identity fraud.

You should never use a password for more than one account - but we know how bloody infuriating it is to think up a new password every time you order anything on the internet. Any service you use that has the same details as your Yahoo account is now potentially at risk of being accessed should someone pick up these stolen details.

Anything else?

In addition to changing passwords and adding two-step verification to every service that offers it, you're going to want to keep an eye out for suspect emails. 

If hackers have just grabbed a load of email addresses, they may send messages containing harmful attachments. As is normal practice for any odd email from a sender you don't recognise, delete it: don't open it, don't reply to it, don't click on any links it contains. Be cautious. 

Otherwise, Yahoo is advising user to "Review your accounts for suspicious activity". Check your sent items. Check details associated with your account. 

Yahoo is continuing investigations into the hack, as is the FBI. We'll doubtlessly hear who the potential "state" behind the sponsored attack is in the near future.