Yahoo was hacked in 2014. Shamefully, the news was released only in September 2016. It was one of the biggest data breaches in history and even encrypted passwords were stolen. So, firstly, if you have a Yahoo account, change your Yahoo password now.
But the breach may impact you beyond just your Yahoo account. When Integrated Media Strategies builds websites for clients or helps them with their small business email accounts, we create long, randomized passwords like s0cnZS)XD'H[4RmkL. We'll get grumbling that they are impossible to remember. We usually spell out the cost of a site brought down by malware or that's been hacked because of poor security practices. "Username: Admin Password: Admin" is something we've seen too often. Clients will also entrust us with access to their hosting and other accounts, and when we see their passwords, it's often a variant of their children, dog or something like "Passw0rd". They reuse that same password everywhere to save the hassle of remembering multiple passwords, unaware of how a breach in one place can have a cascading impact on all their accounts.
Hackers know about reuse of passwords and password associations to pets and family. So when the data gets sold on the dark web, the hackers who are buying this data will begin using that password as a point of departure to hack other accounts or simply to monitor your email for other information that can be used to breach other accounts in conjunction with the password they already have.
So the password stolen from Yahoo is a natural starting point for a hacker to run a hack on other sites you use. If you use the same password that you used on your Yahoo account - or a similar one - anywhere else, you need to change it on those other sites too or find they have been compromised, too.
We recommend to our clients to use a Password manager. We use Dashlane, but there are others. Then systematically go through all of your accounts and change your passwords to something that can't be brute force hacked. Twelve characters, upper and lower case, with numbers and some symbols. For your password manager, use something you can remember, but which is word salad, like Ta5ty!PenC1.
If you don't have an IT department and would like some training on this subject, contact us.