Organizations are now increasingly investigating into the security risk of their acquisition targets after Yahoo signaled the world on 22nd September, Thursday, about something that is the biggest known breach of user information. Yahoo faced a security breach in the year 2014 for at least 500 millions of its users.
The company believes that the theft was executed by a state-sponsored actor occurring in late 2014. But there was no evidence that the state-sponsored attacker is currently on Yahoo’s network.
Yahoo alerts its users that a state-sponsored attacker had acquired all the data of the hacked accounts and put it up on sale in the dark market website. This information includes usernames, email addresses, hashed passwords which are not in plain texts, contact information, street addresses and more. But fortunately, no financial information is obtained.
But how do you confirm if you've been the victim of a breach like that of Yahoo?
Tightening up your security is the first major step you should take. For this, you have to primarily check which of your accounts is already affected by a security breach.
Most of the times, companies try and alert their users as soon as possible about any such breach that arises. But sometimes even the companies don't get to know about it for months or years together.
Watch out for an official email by Yahoo
Yahoo now says that it has been emailing the owners of the affected accounts. So users should make sure to keep an eye on the official email from Yahoo.
People should also beware of any unusual looking messages, particularly the ones that prompt them to click on certain links or to download attachments.
What if you haven't yet received the email?
Even if you haven't yet received any email notification from Yahoo, it is advisable to change your account password and enable a two-factor authentication process.
There have been a plethora of massive data breach attacks over the last few years. And there are chances that you may have been affected by at least a few of them.
Hence, one of the most reliable ways to verify the same for many of your major email accounts is the website https://haveibeenpwned.com/. This website is run by the Security Researcher Troy Hunt, who tracks about data breaches.
- Also read : Yahoo’s massive security breach: 500million user accounts hacked
How to check for the Breaches you were pwned?
Simply enter your most significant email address (at https://haveibeenpwned.com/) or the one you would want to make a check if it has ever been affected. The website tells you if a breach has occurred or not. It also tells you when the breach occurred and your exact information that was impacted.
You can additionally sign up for the 'Notify Me' alerts. These are tied to your email address if any other breach is detected.
Troy Hunt's website is by far the most comprehensive so it's not at all a bad idea to run your email addresses through it every once in awhile. There surely could be many other sources as well but Troy's site is quick and simple so it won't be a time-consuming process too.