During the second half of 2016, Yahoo reported a major data breach which affected over 500 million users. And in December, it revealed another hack affecting 1 billion accounts then but later updated it to a record number of 3 million users. It is considered as the biggest data breach of the 21^st century. The attack exposed names, email address, date of birth, telephone numbers, encrypted password and unencrypted security questions of the users. If you are one of the victims, then here is the immediate action-list to secure your account.

1. Checking Email Address: The email address is the storehouse of all the sensitive information. That’s why; the hackers target your email account first. There are information like your credit card details, your bank details, your transaction history, exposed passwords, official restricted documents and many other sensitive data in your mail account. And these data are the golden keys for the hacker to make the unauthorized transaction in your account. You need to remove all types of sensitive data from your account. If you are not using your Yahoo account as the primary email address, check it also. Yahoo may send you the notification if your account is affected by the breach.

2. Checking Latest Logins: You must track the activities in your account. Go to the Recent Activity in the left-hand menu of your Yahoo account homepage. You can view the list of the locations and devices where your Yahoo account has been accessed recent times. If you find anything suspicious, change your password immediately. You can get the password change link right from the Recent Activity page. You just follow the instruction and change your password.

3. Changing the Password: In your Yahoo account page, go to the left panel and select the Account Security Link. You will find Change Password tab. You need to click on the tab to create a new password. Always keep in mind while resetting the password that you should not use any common dictionary words or the name of your parents or your wedding anniversary or birth date of your first child as the password as these are easy to guess. On the other hand, it is not advisable to set the password too tough to remember. Create the password which has an exclusive connection with you. And make it with a proper combination of letters in both the cases, numbers and special characters.

4. Checking the Recovery Option: Go to the Account Security section of your Yahoo homepage. You will find the Account Recovery Information section. Here you can get the recovery email address and password to verify your account when you cannot access it. If you don’t have the recovery email and phone number, this is the best time to add those. Insert a list of trustworthy email address and phone number which you can access anytime. Now you can regain the access of a hacked account without any hassle. If you have the recovery details, please check the accuracy of the information. Sometimes, the hackers alter any digit of your email address or phone number or change it to their preferred address. It will give them the full access to the account. So check the email id and phone number minutely to avoid any chance to get locked out in your Yahoo account.

5. Two-Step Verification: Two- Step Verification is the most effective way of Yahoo to keep your account safe from the hackers. In this verification process, Yahoo will send you verification key to the number you had provided in time of account creation. Now you have to submit that key before logging to your account. So the password is not the only gateway to access the account, the user needs to access the phone and eventually the code to login to your account. To activate the Two-Step Verification in your account, go to the Yahoo account page and then visit Account Security section. In the bottom section of the page, you will find the Two-Step Verification. You need to switch on the toggle to give an extra layer of protection to your Yahoo account.

6. Checking Other Accounts: It is a very common trait among the internet users to use the same password to various accounts. And the hackers can guess that easily. If they steal the password from your Yahoo account, they can try the same password in all of the related accounts of yours. So be prepared to avoid this mistake. If you are using the same password for different websites, check all the accounts to track hacking. If you are still able to access those accounts, change the password immediately. You should use the strong and unique password for different websites. If you cant access any of the accounts, then go to the account recovery process or contact the customer care support to recover the accounts.

7. Enabling Anti-Virus Protection: The hackers can do various malicious activities in your account. They can infect your device with Trojan, malware or virus. They can even send spam from your account without your knowledge. You need to install antivirus software in your system. You can get many free version of the software which will give your account a very good security. And if you want a tougher security, then go for the paid version of the antivirus software. You need to secure your mobile to ensure the online security of the Yahoo app. You can install any free version of mobile antivirus on your phone.

8. Changing the Security Questions and Answer: Sadly, the security questions and answer of your account is not encrypted. So the hackers can easily access the exposed security questions. The security question is the ultimate way to gain access to a locked account. Yahoo will verify your identity through it. Try to insert random and unique answer to the question which is not easy to assume by the hackers. If you are using the same security question to other accounts, change them also immediately.

Don’t Delete Your Account: If you are too scared to continue your email service with Yahoo and want to delete the account, we advise you to think twice. You think to get rid of this problem forever but this may be another security threat. Any hackers can use your recycled email address to spam every website with ‘forget password’ request. They even can impersonate you by using a known pseudonym.