In what has already been called the worst hack ever, Yahoo confirmed Thursday that at least 500 million users were affected by a security breach from a state-sponsored actor.
If you want to tighten up your security, one of the first steps you should take is checking to see how many of your accounts have already been impacted by a security breach.
While the Yahoo hack is the biggest, there have been plenty of other massive data breaches over the years and chances are you’ve been affected by at least a few of them. It’s true that most companies try to alert their users to these breaches as soon as possible, but even they sometimes don’t find out about them until months or years after the fact.
Below, we look at how to know if your information was exposed in the Yahoo hack, or a security breach like it.
Yahoo says it is emailing owners of affected accounts now, so be sure to keep an eye out for an official email from them. (But beware of any suspicious looking messages, especially ones that prompt you to click on any links.)
In the meantime, even if you haven’t gotten an email from them, it’s still a good idea to change your password and enable two-factor authentication anyway.
One of the best ways to check many of your major accounts at once is the website haveibeenpwned, which is run by security researcher Troy Hunt, who tracks data breaches.
Enter the email addresses you regularly use into the site to see which of your accounts may have been affected. The site will tell you when the breach occurred and exactly what information was impacted.
You can also sign up for alerts tied to your email address so you can be notified as soon as another breach is detected.
While there could still be other sources of personal information out there, Hunt’s website is by far the most comprehensive of its kind, so it’s not a bad idea to run your email addresses through it every once in awhile.