Yup, this hot news has just reached the SOT editorial room. The latest reports show that almost half a million Yahoo user accounts are threatened by hackers, and who knows, one of them may be yours!
This information can be read in:
I will pick out some parts of the news:
The news was posted on a public website by a hacker group known as D33Ds Company, which stated that they successfully exploited a Yahoo subdomain using what is known as the SQL injection technique. This hacking technique preys on web applications with a low security level that do not care about the text entered into their search boxes and other input fields. By inserting powerful database commands, an attacker is able to deceive the back-end server and so receive large amounts of sensitive information.
To support their claim, the hackers posted that they hold 453,492 Yahoo accounts, more than 2,700 database tables or names, and 298 MySQL variables which can be exploited easily.
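How the SQL injection described above works, and how a parameterized query stops it, shown as an added example that is not part of the original post or the quoted news. The table, account names and search input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table of constructed sample accounts (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT, email TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [
        ("Alice", "alice@example.com"),
        ("Bob", "bob@example.com"),
        ("O'Brien", "obrien@example.com"),
    ])
    return db

def search_vulnerable(db, term):
    # Weak: the search text is pasted into the SQL string, so a quote in
    # the input ends the string literal and the rest is read as SQL.
    sql = "SELECT email FROM accounts WHERE name = '" + term + "'"
    return sorted(row[0] for row in db.execute(sql))

def search_parameterized(db, term):
    # Hardened: the ? placeholder passes the text to the database as a
    # value only; it is never parsed as part of the command.
    sql = "SELECT email FROM accounts WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (term,)))

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"   # constructed search-box input
    print("vulnerable, normal :", search_vulnerable(db, "Alice"))
    print("vulnerable, crafted:", search_vulnerable(db, crafted))
    print("hardened,   crafted:", search_parameterized(db, crafted))
    print("hardened,   O'Brien:", search_parameterized(db, "O'Brien"))
    try:
        search_vulnerable(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable, O'Brien: query broke:", exc)
```

The same string concatenation that lets the crafted input return every row also breaks on an ordinary name containing an apostrophe, which is often the first visible sign of the flaw.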
What concerns us is that your account may in fact be among them, and that hackers may be able to take sensitive information from it. Don’t let that happen! SOT suggests you take the following steps as preventive action:
Resetting/Recovering your password
You need to reset or recover your password! Change it to a password that is totally different from the previous one. Use a combination of numbers and letters (alphanumeric). This creates a strong password that is difficult to attack with the brute-force method.
Enable two-factor authentication
If your email has this kind of facility, use it immediately! For Yahoo, you can visit:
Log In to Your Account Settings
Go into the email settings to change your password and set up two-factor authentication. You need to go through the settings and make sure that everything is all right. Here’s the list of things you need to do:
1. Check the recovery email
2. Check the password hint
3. Check your email forwarding settings to make sure no one is sending something using your email.
Change all passwords that are similar to your email password
Many people prefer using similar passwords for several accounts. Quickly change the passwords of your accounts on social networks or other sites that are similar to your recent email password. To help you use different passwords, you can use a password manager such as LastPass or KeePass, which were also once reviewed on SOT.
If you don’t use a password manager, you should try these tips:
- Your passwords should be longer than the minimum limit set by Yahoo (> 8 characters)
- Don’t use dictionary words as part of your password.
- Use a passphrase instead of a password
Practice hygienic password usage in the future
This means paying attention to all the previous tips and not repeating bad password habits. If needed, you should have a unique password for each internet service. Don’t store your passwords insecurely, such as in a file in cloud storage or on your PC that is clearly titled “Passwords list”. That is like leaving a bag of gold in the town square! Don’t share your passwords insecurely, such as by giving them to your friends via email. Better still, don’t share passwords with your friends at all, because you can’t know whether your friends will be careful with your password or not…
Okay, that’s the short, dense, and trustworthy report from SOT. Don’t forget to take preventive steps to secure your Yahoo account, IMMEDIATELY!