In today’s day and age, we are concerned about hacks and data breaches with no attention to something as simple as resetting our usernames and passwords. But, you’ll be surprised at how your account can be taken over by just an email ID and a password!

To learn more about the privacy concerns and consequences of social logins check out our guide.

Recently, the information of more than 500 million Yahoo users was stolen. The theft may not only include users’ names and email addresses but also telephone numbers, dates of birth and in some cases, encrypted or unencrypted security questions and answers.

As a Google user you may grinning, but do you remember deleting that old Yahoo account? Here’s why you need to be more concerned.

What you need to know about the Yahoo attack?

The Yahoo attack may be the biggest data breach to date! It is claimed that a hacker named “Peace” attempted to sell the personal information of Yahoo account users on the dark web – a part of the world wide web but which requires special software to access by which you can enter secret websites including some online markets for illegal products.

Most internet users are usually not concerned of a data breach. But through a data breach, hackers could gain access to passwords – gaining access across multiple platforms as most users reuse their passwords. This leads to Credential Stuffing.

How the Yahoo attack could lead to Credential Stuffing?

Credential stuffing is the process of entering a breached username and password to fraudulently gain access to a user’s accounts. With access to your account, the stolen credentials are tested on many websites like social media sites and online marketplaces.

A successful login through stolen credentials can lead to hacker taking over other accounts. Through this process, the hacker could gain access to credit card information and personally identifiable information, leading to criminal acts – such as – sending spam messages or processing transactions through your account.

As an online population, how can we protect our accounts?

How can you protect yourself from an internet attack?

For Yahoo users, it has been suggested to reset passwords and take steps to secure your email accounts like cancelling unencrypted security questions and answers etc.

For general online security, here are a few tips –

  • Never click on a link that is an unexpected pop up;
  • Try using different passwords on different websites;
  • When shopping online only use secure sites;
  • Be cautious when using public Wifi; and
  • Never store your passwords on your email account and never reuse your primary email password. Many websites help you reset your password through a link sent to an email ID.

Privacy is important. To stay compliant with Australian privacy law, you need an up-to-date Privacy Policy. If you are running your own website or have built your own app you should also make sure that you are legally protected by connecting with an experienced website lawyer.

Let us know your thoughts on the Yahoo! data breach by tagging us #lawpath or @lawpath.

Nishita John

Nishita is a paralegal at LawPath working in our content team, which works to provide free legal guides to enhance public access to legal resources. With an Investment Banking background and a keen interest in Corporate and Commercial Law, her research focuses on small and medium businesses, and how to simplify complex legal procedures