14 Tips to Protect You After Yahoo’s Data Hack

14 Tips to Protect You After Yahoo’s Data Hack

Allshred Services is in the business of preventing identity theft.  We do this by providing our clients with secure document destruction and hard-drive destruction services.  We’re continuously looking for ways to safeguard our clients’ sensitive data – but there are some times that this goes beyond what we can control.  Recently, Yahoo was involved with a breach of over 500 million of their accounts – including Yahoo Mail, Yahoo Finance and Yahoo Fantasy Sports – all of which were stolen in 2014 and now they are just announcing it.

The stolen information may have included names, email addresses, telephone numbers, dates of birth, and in many cases, security questions and the answers people gave, Yahoo said.

So, if you are like the majority of internet users with email in the 90s and early 2000s, you were probably affected.  So what should you do?

There are many good tips out there.  Being from Ohio, we like this list (modified, somewhat) from Teresa Dixon Murray from the Cleveland Plain Dealer.

1. Assume that anything that was in your Yahoo email account could be in the hands of bad guys, including passwords to other web sites and accounts.

2. Make sure all of your passwords on all of your accounts — especially on any other email account or financial account — are solid and are not the same one you used on any of your Yahoo accounts.

3. If you used the same “secret questions” on your Yahoo account and any other account that you have, start changing them. Favorite movie of all time? Pet’s name?  Middle name of your youngest sibling? Change them all.

Don’t use secret questions that other people know the answers to. There are lots of people who know your high school mascot. It’s probably easy to figure out from your Facebook page or among anyone you knew in high school. Don’t use the name of the street you lived on as a child. Or your pet’s name. Tons of people know the name of your dog, cat or guinea pig.

4. Further, when you’re asked by a bank or a credit card company or any entity to provide something like your mother’s maiden name, don’t provide the true answer. Your mother’s maiden name is easy to find. When I’m asked for my mother’s maiden name, I give them a fabricated last name.  Write this down – else you’ll forget it.

5. Watch out for suspicious emails or phone calls that try to trick you into disclosing personal information, based on already having some information about you that may have been extracted from your Yahoo account.  With a data breach of this scale, many of us will receive emails and calls that claim to be from Yahoo and asking us to click on links or fill out forms or provide even more personal information – never provide provide your Social Security number, date of birth, bank account information, etc.

6. Remember that stores, banks, universities and investigators will never contact you out of sky blue and ask for personal information such as account numbers, Social Security numbers, passwords, etc. Never. Ever. And they’ll never contact you and ask you to change your password by clicking on an unknown link. Don’t click on links or reply with any information. Never. Ever.

7. This same warning applies to anyone who calls you and claims to be from Microsoft or Apple support and says you have a problem with your computer and the caller needs access to your computer to fix it. Just don’t. Ever. Just hang up without saying bye.

8. Be more cautious about anything you post on social media — Facebook, Twitter, Instagram, etc. You can provide thieves with a lot of information without meaning to. This is especially troubling if you post the name of your best friend and photos of your dog online, and then use that information as the answers for security questions for bank accounts.

9. Consider paying for identity theft protection. You’re looking for the kind that can alert you to any underground use of your Social Security number, credit card numbers, driver’s license number or email.

10. Watch out for anything odd — a medical explanation of benefits for a service you didn’t have or from a provider you don’t recognize, a rejection letter for an account you didn’t apply for, a missing credit card statement that is more than a few days late. These could be signs of identity theft.

11. Put every type of protection you can on your financial accounts. If you can use two passwords, do it. If you can require codes to be sent to your phone in order for you to log in, do it. If you can request email or text alerts for purchases or bank account withdrawals or changes to your contact information, then do it. While you’re at it, make sure that companies you do business with have all of your current contact information in their files.

12. Monitor your primary bank accounts, credit cards, investments, etc., more carefully than ever. Every week is good. Every day is better.

13. Check your credit reports regularly. You’re entitled to one free credit report per year from each of the three major credit bureaus. Go to annualcreditreport.com or call 1-877-322-8228.

Best advice: Order a credit report from one of the bureaus every four months.

14.  Shred Everything!  What?  You’d think we wouldn’t add this one?  Any junk mail, credit card solicitations, old magazine subscriptions – all of it contain personal information that could be used to open up accounts in your name.  If you’re questioning whether to throw something out