This’ll be the last email from me before Christmas day so I want to say I hope you and yours have a very Merry Christmas.
And feel free to have a look at those for a bit of festive fun.
But there’s something else I felt I really ought to talk about – and you might have seen it in the news.
It’s news about Yahoo having lost (well, not lost exactly – it was stolen) some data. And by “some” I mean “huge massive great piles”. Details of 1 billion email accounts, in fact. But there are a few things to clear up – and if you have a Yahoo email address this could be really important for you.
Even if you don’t have a Yahoo email address, I’d read it, especially the “crucial bit” – in case your email provider ever gets similarly hacked.
So the first thing to say is if you heard about Yahoo losing 500 million email details recently, this isn’t the same case – it’s a separate incident.
Secondly, to be fair to Yahoo, they weren’t storing email addresses and passwords unencrypted. The email addresses were “hashed” – but in a type of encryption that can be broken nowadays (I don’t know whether it could be broken at the time of the theft – it could be the bad guys stole the data, then kept it quiet, waiting until they could crack it).
And it’s not just happened – it happened back in August 2013. So in a sense it’s old news. But it’s only just come to light. From the sound of it, Yahoo didn’t spot it (it’s very hard to spot someone’s copied your data) – the police (or some law enforcement agency in America) did.
What’s been stolen is email addresses and a way to bypass the passwords that go with them – which means someone could log in and then get at or even change your password, then read your emails and send (spam) emails that look like they’re from you. Of course, if they’ve changed your password, you won’t be able to get in – not unless you have a way to reset your password set up.
Yahoo have already fixed it so that the trick for getting in without the password doesn’t work any more. But if the hackers have already got in, they may have got your password.
Yahoo have said they’re going to contact everyone who is affected to let them know.
So what do you need to do?
Well, if you have a Yahoo email address, you should log in and see if you have an email from Yahoo saying you’re one of the people affected.
If so, you need to change your password so the hackers can’t get in again. In fact you might want to change your password whether or not you’ve had an email from Yahoo, just to make sure.
But here’s the crucial bit:
If you get an email saying you’re affected and giving you a link to click to reset your password, don’t click it.
You see, I bet there are scammers sending out fake emails to every Yahoo email address they can think of right now, saying “Your account has been compromised, click here and reset your password” or similar.
Don’t do it!
Instead, change your password in the normal way you would: log in to Yahoo as normal, then click (or tap) on the cogwheel near the top right. Then from the menu that appears, choose “Account info”, click on “Account Security” (it might ask you to put your password in to check it’s you).Then click on Change Password and put your new password in twice.
One more thing: while I was doing this it asked me to confirm my phone number – I have a mobile phone set up so if I do get locked out of my account they can text me a code to let me in again. But their code to confirm the phone number wasn’t working. I suspect this may be due to thousands and thousands of people using it at the moment – but for whatever reason, it’s pretty embarrassing for them just after these problems… and given that they pop up a message suggesting you confirm your phone number in this way, only for it to not work. So don’t worry if it doesn’t work for you – it’s not you doing something wrong!
One more thing: if you find your password doesn’t work when you go to log in, it might be that hackers have already changed it. There should be a link “I’ve forgotten my password” – click that and it’ll take you through some things you can do to get back in.
Right, that’s all for now. Sorry it wasn’t more Christmas-y but this seemed too important to wait until later. You can always have a look at the advent calendar or Santa tracker for something cheerier.
Have a very Merry Christmas