This week, news hit that around 500 million Yahoo accounts were hacked by a state-sponsored attack. For a while, Yahoo was the main email provider for Rogers customers, so some Canadians could be affected. What does this mean for the safety of your financial information? We spoke to Toronto-based cyber-security expert, Dave Lewis to find out.
Am I affected?
You may have received an email from Rogers informing you of the hack, prompting you to change your password. In a statement to Newstalk 1010, Rogers said that Yahoo is looking into the issue and that so far, no account numbers or credit card information has been stolen. In the next few days, you may want to check out HaveIBeenPwned.com, says Lewis. It’s a site that documents email addresses that have been breached in some way. Of course, it may take some time for it to update to include the latest Yahoo hack.
No credit card information stolen—that’s good right?
Yes and no. Banks and credit unions will protect you against anti-fraud. While inconvenient, a breach in that sense won’t be the end of the world and is a relatively easy fix. You can cancel your card, be reimbursed for the fraud and move on. The real problem, says Lewis is that if the hackers know sensitive details like your email and password, they can apply that information towards other sites. If you reuse passwords across various accounts then you could be in trouble. Some hackers, says Lewis, could for example use what they found in the initial Yahoo breach to try getting into your other personal accounts and possibly use them for nefarious purposes.
Uh oh, so what can I do right now?
The best thing you can do right now of course is change your Yahoo password. And, what you should really do is change all of your most important passwords right now so if you have been breached, you won’t be handing over the key to all your accounts to criminals. Lewis has a few tips. Don’t use a predictable password. “12345” is obviously a bad choice. Here’s how to create a better one. And if you’re worried that you won’t remember more secure and complicated passwords, there are options like 1Password that act like encrypted deposit boxes for your private information. Definitely a better choice than affixing sticky-notes to your computer monitor, says Lewis.