How do I know if my personal information was stolen?
Assume it was.
Yahoo! said it had begun notifying potentially affected users, but its breach was huge, and similar attacks and smaller thefts happen all the time.
Should I change my password?
The first step, as always, is to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites.
How do I create stronger passwords?
Try a password manager like 1Password or LastPass.
These sites create a unique password for each website you visit and store them in a database protected by a master password that you create. Password managers reduce the risk of reused passwords or those that are easy to decode.
If you must create your own passwords, try creating long, complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters.
Are passwords enough?
Passwords are not enough. If a site offers additional security features, like secondary or two-factor authentication, enable them.
Then, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in.
Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer.
How can I stop my information from being stolen in the first place?
Increasingly, you cannot. Regularly monitoring your financial records can help minimize the damage if someone gets your information. But only the companies storing your personal data are responsible for securing it. Consumers can slow down hackers and identity thieves, but corporate computer security and law enforcement are the biggest deterrents.
What if you have changed your password after the breach happened but before it was disclosed?
The Yahoo attack happened two years ago but was disclosed only this week. Even if you changed your passwords recently for other websites, chances are at least some of them are similar to the password linked to your Yahoo account two years ago.
To play it safe, you should change your passwords, starting with your most sensitive accounts, including your online banking account.