User names and passwords were not the only thing crooks stole during the massive Yahoo breach. They also snagged the answers to challenge-questions for 500 million users. If you ever used Yahoo mail, you are affected.
Challenge-question answers can be used by crooks to reset account passwords and gain access, sometimes without your knowledge.
Using the same answers to challenge questions at different web sites is common. How many answers can there be to “Name of your first pet?” or “What’s your favorite color?”
Now the crooks may have the ability to gain access to your other accounts, not just at Yahoo.
State Bank offers the following tips:
- Replace your challenge questions with text message authentication. With this method a code is sent by text to your phone, which must be entered to access your account.
- Some providers offer a mobile app that generates an access code. Use that option, as it provides better protection than a text message.
- As always, be on guard for phishing E-mail and be careful what you click. If you get an E-mail from someone you haven’t heard from in a while, call the person before you click on any link or attachment to make sure he or she really sent it.
This is serious, folks. The breach appears to have started late 2014. Crooks have a long head start.