Which? uses cookies to improve our sites and by continuing you agree to our cookies policy

Yahoo hack: three billion accounts affected

Every Yahoo user account ever created has been compromised by huge data breach

Yahoo Hack 3bn accounts

The largest ever data breach has been announced, with Yahoo confirming that the details of three billion user accounts – effectively every Yahoo account ever created – have been compromised. We explain what to do if your own account is affected.

Things have gone from bad to worse for Yahoo. The data hack, which took place in 2013, was first made public in September 2016. At the time, Yahoo revealed that up to a billion users worldwide – including eight million UK customers – would have been affected. With three billion accounts now confirmed as being hit by the breach, the crisis for Yahoo has escalated to an unprecedented scale.

Not all of these accounts will still be live and in active use, as data from historical accounts that have been closed or left dormant will be included among the hacked details. But for current Yahoo users, there is understandable cause for concern.

Yahoo hack – what data was stolen?

The data may include user names, email addresses, full names and dates of birth. Yahoo has stated that although encrypted passwords may have been lifted, no readable passwords in ‘clear text’ were stolen by hackers.

Furthermore, Yahoo has stated that its users’ bank account details or other card or financial data are not at risk from this hack.

Even so, this is a huge quantity of personal data that has potentially been in the hands of hackers for years. Leaked email addresses can create ‘send lists’ for spam emails, which in turn perpetuate a cycle of security risks and subsequent data loss to users.

It’s not just email addresses ending ‘yahoo.com’ or ‘yahoo.co.uk’ that may be affected. Yahoo provides some of the email address services used by BT and Sky broadband providers too.

What to do if you’re affected by the Yahoo hack

Yahoo is contacting its users directly to warn them that their account data has been compromised and to advise on the next steps they should take.

Yahoo data warning

Millions of users will have already received such messages following the original announcement of the data leak last year. However, with three times as many accounts now believed to be affected, all Yahoo users can expect to receive such a warning.

This will direct you through to Yahoo’s help page, which has been set up to advise users on what to do if their data may have been affected.

As a crucial first step, we would recommend changing the password on your Yahoo email account. Update this to a secure password that you don’t use for any other online services.

See our guide on how to create secure passwords

Watch out for fake emails

When a large-scale data leak happens, scammers are rarely far behind, looking to exploit users’ confusion and worry. It’s highly possible that fraudulent spam emails claiming to be from Yahoo could be sent to users.

These sorts of emails are known as phishing scams: a genuine company is imitated, right down to branding and logos within the email. The recipient is encouraged to click through on a link and supply login details or even payment information.

Due to the nature of the hack, there’s now a ready-made list of Yahoo accounts available for hackers to use when sending out such phishing messages.

Be sure to check that any emails you receive claiming to be from Yahoo are the genuine deal:

  • Watch out for poor spelling or grammar
  • Check the email address of the sender
  • Hover over any links within the email, but don’t click. This will reveal the destination URL (address) that the link will take you to. It will show at the bottom of your browser window.

Protect computer and your data with Best Buy security software

Back to top