News

You Should Change Your Yahoo Password Right Now

Remember the embarrassing Yahoo email address you set up when you were 14? Well, it looks like you could be in for a trip down memory lane now that Yahoo has confirmed that more than 500 million of its user accounts were compromised in a massive breach. So, while you probably don't remember your password, the company is warning that you should login and change it ASAP.

In a statement posted Thursday afternoon via Tumblr, Yahoo said that information such as names, email addresses, phone numbers, dates of birth, hashed passwords, and even encrypted or unencrypted security questions and answers could have been stolen from "at least 500 million user accounts." Worse yet, the company believes the massive breach -- easily among the biggest in history -- is the result of a malicious "state-sponsored actor" that attacked the company's network back in 2014. Wonderful.

Yahoo said it is sending this security notice to users who may have been affected by hack, and is strongly urging them to change their passwords and account verification settings immediately. Additionally, the company is recommending that all of its users take the following security precautions, according to the statement:

  • Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
  • Review your accounts for suspicious activity. 
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
  • Avoid clicking on links or downloading attachments from suspicious emails.

But really, people, if you have a Yahoo account of any sort, you probably shouldn't wait to hear anything from Yahoo before you change your password, set up new verification settings, and even enable two-step verification on your accounts. Here's an FAQ page the company set up to help you out. Go, go, go

If you don't have a password to change right now, here's what Verizon -- which bought Yahoo's core business for $4.83 billion (although the deal's not final) -- had to say about the monstrous breach, according to a report by Mashable:

"Within the last two days, we were notified of Yahoo's security incident.  We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact.  We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment."

Well, damn...

Sign up here for our daily Thrillist email, and get your fix of the best in food/drink/fun.

Tony Merevick is Cities News Editor at Thrillist and almost forgot he still has a Yahoo account. Send news tips to news@thrillist.com and follow him on Twitter @tonymerevick.