Yahoo users are just finding out that their information might have been stolen and that the theft happened four years ago.
Yahoo, now owned by Verizon, said they recently obtained new intelligence that led to the discovery.
In November 2016, Yahoo was first made aware of the intrusion. The tip came from law enforcement who notified Yahoo that a third party claimed to have their data, and it ended up being true. Further analysis revealed that the data was stolen back in August 2013.
Four years later, consumers are first learning that the breach could have affected every single user with a Yahoo account back then.
The thieves reportedly stole names, email addresses, telephone numbers, birth dates, hashed passwords or passwords that had a form of protection, and in some cases, security questions and passwords.
According to Yahoo, passwords in plain text, payment card data, and bank account information was not compromised.
In light of the announcement and recent Equifax breach, the Maryland Office of the Attorney General is warning consumers to be vigilant. In a statement, a spokesperson wrote in part:
“We continue to encourage residents to change passwords, monitor their financial accounts for fraudulent activities, look into credit monitoring options, and to take advantage of the credit freeze law that went into effect Oct. 1, which allows Maryland residents to freeze credit free of charge for all three credit-reporting agencies.”
You will need to pay $5 each time you want to temporarily lift the freeze. The freeze is permanent unless the consumer requests to terminate the freeze, in which case, they would need to pay another $5 to place a security freeze.
Yahoo has taken action to better secure user accounts but it’s recommended that you change your password not just for Yahoo, but for any other account that you use similar log-in information. Once hackers have your ID and password, they can try the same combination on different sites.
Scammers are also taking notice of the massive breach.
Yahoo warns that they will try to send fake emails that look like it's coming from them. It’s really an attempt to steal your personal information. Yahoo says they will not send an email that asks you to click on any links or includes attachments.