On Jan 30th, 2014, Yahoo announced that a number of their email users usernames and passwords were compromised. According to the company, the accounts were exposed through a data breach of a third party database. Yahoo has not released any information about who the third party is or how many accounts were affected. Yahoo is urging users to change their passwords. They are also notifying affected users of the compromise via email or SMS Text Messaging. At present, it is unknown whether any information other than username and password was taken. Yahoo is working with federal law enforcement to investigate this breach.
Recommendations:
- Change passwords for all Yahoo email accounts.
- Change passwords for all accounts that user the same user id or password as was used for the Yahoo email account.
- Use unique passwords for every site/system and change passwords on a periodic basis.
- Create passwords that are long (at least 8 characters), complex (utilize at least 3 of the 4 following character types: special characters, alphabetical characters, numerical characters, and a combination of upper and lower case letters) and easy to remember but hard to guess. Passphrases work well for creating strong passwords.
For more information: http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users