What’s your email password?
How about your bank user name or the name of your first pet?
You may not be telling anyone these things but hackers may already know if you are connected to the Yahoo! data breach.
A breach which started in 2014, but everyone was just notified this month.
Information like user names and passwords which was breached from millions of Yahoo! users, and out there for hackers to steal since 2014.
“In two years you could really take over a life with that amount of information,” explained Scott Scheidt.
“The biggest concern is what has already happened since the breach that everyone doesn’t know about.”
Scott Scheidt is the Director of Armstrong’s Center of Applied Cyber Education.
He says the biggest worry, and biggest tool of the hackers is “credential stuffing”.
Its a practice where they load all the information they have, and see what other accounts it might connect to.
“Instantaneously with an app or piece of software you can load 500 million credentials in there in seconds, in fractions of seconds and pull that information up,” explained Scheidt.
“With 500 million sets of credentials you can get into thousands, tens of thousands of accounts in seconds.”
The key to getting that information isn’t a password, but those security questions everyone has, and has to answer.
“Your first elementary school, and the name of your first pet, and if they are used on every one there are ways they can use association to link them,” said Scheidt.
Links which are easy to find and use.
News 3’s Andrew Davis learned that first hand.
Using the website “haveibeenpwned”, he typed in an email address.. and found out.
“You were caught in the Linked In 164,000,000 email breach.”
So what should someone who is on the list supposed to do?
“Change the whole email account,” explains Scheidt. “With Linked in you can set up a couple of them. defeinitely delete that one out of it. Set up a new one that is new and secure and delete that one off it. And change your security questions.”
Websites like lastpass.com allow you to use one password for everything, and it will switch them securely for you.
You can use haveibeenpwned.com to check if you might have been part of any of the recent hacks and check on what sites you may need to change passwords, and security questions on.