Saturday, December 24, 2016

"So long Yahoo. It's been fun." - December 23, 2016

It’s tough ending a 22-year relationship. Trust was broken not once, but at least twice. And while ultimately confessions were made, it was not until years later -- after it was too late to repair the damage.

Thankfully I had ultimately moved on to something younger and flashier. I’m talking about Yahoo.
In September they confessed they had been hacked, and half a billion accounts were exposed. If that wasn’t bad enough, they confessed the penetration had occurred two years earlier in 2014.

And then just last week, they announced a possible one billion more accounts had been violated. Worse, that penetration had occurred in 2013 and Yahoo didn’t find out until the U.S. government found out and let them know last month. 

From both hacks, hackers stole names, birthdates, phone numbers and even passwords that were encrypted with a weak encryption technique.

Are you one of the one billion monthly users of Yahoo?  I am. I started using Yahoo soon after they began in 1994.  The web was smaller then. If you created a web site, you submitted the link to Yahoo. There, actual humans looked at your site and categorized it into Yahoo’s index.
Of course the web grew astonishingly fast, so that human indexing method failed to scale with the net. Soon little bits of code were crawling the net doing the indexing first, with companies like Alta Vista and ultimately today’s behemoth, Google. 

Yahoo moved to web crawling in 2000.

In 1997 Yahoo began offering Yahoo Mail, a free webmail service.  For many years it was my primary email account.  Even when I began using Gmail from Google, I kept Yahoo Mail. Many of my utility companies were still tied to that since that was the email I was using when we bought our home.

So what do we Yahoo users do now?

The first inclination is to close our Yahoo accounts and walk away. That would actually be a mistake.
If you close your Yahoo Mail account your username will ultimately be recycled and used by another user. In fact, the hackers may watch for them to be freed up so they can register them. That way any future emails to that account from someone who does not know you are no longer using it, will go instead to the hacker and give them information.

Instead, change your password to a hard to remember password. Replace that “funguy3” password with something like “djfdkf893jd%%2ss-g8uqd.” You won’t be accessing Yahoo much anymore, so put that password somewhere safe where you can paste it into Yahoo in the future. Or better yet, begin using a password vault application. If you are not a LastPass user, or other respected password vault application, this is a good time to begin.

Next, keep an eye on your credit report. Hackers can use information they glean from the hack to create new credit accounts.

Did you use the Yahoo password on any other account? Most of us re-use passwords on many different sites. Change those passwords now.

Another thing hackers got was answers to your secret questions. They may now know your mother’s maiden name, the name of your first-grade teacher, the name of your first pet, etc. They can use that information to get the password for your other accounts and, worse, change the passwords so you cannot get in.

The best practice with those secret questions is to lie. Make your first grade teacher “peanut butter,” your first pet’s name “psychedelic.”  Write down those responses somewhere and never answer the same question the same way on any account.

For best security and to incentivize other companies to spend time and money on security, open another email account elsewhere.  If Yahoo’s traffic plummets, other companies will understand it is important to prioritize security. Also, the Yahoo email account now has negative panache. Using it will have people believing your technical skills are less than they are.
On this week’s Link post are some steps to take to download your email and photos you have on Yahoo’s photo site Flickr. 


Get your information off Yahoo, harden your password, get a new email account, let anyone who has the Yahoo address know your new email address.  Finally, periodically monitor Yahoo for new messages.

No comments:

Post a Comment