Poll: Do you think technology companies are doing enough to protect your personal information?

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Yahoo disclosed a new security breach on Wednesday that may have affected more than one billion accounts. The breach dates back to 2013 and is thought to be separate from a massive cybersecurity incident announced in September.

Have a Yahoo account? You may want to change your password.

The tech company announced the  latest number of online users’ affected by a huge security breach, topping out at one billion accounts. According to CNN, that’s roughly double the number involved in the cybersecurity incident it announced in September, which is believed to be separate.

Yahoo users are not only concerned about how many people were hacked, but also how long it took to inform them of the hack. It happened three years ago.

The first thing a Yahoo user should do is change your password. People who create a really strong password for one site but then use it across others are vulnerable to attacks, said Shuman Ghosemajumder, chief technology of Shape Security, CNN reported. Hackers obtained more than just names and passwords in the Yahoo breach — they also nabbed answers to security questions. Cybercriminals can use that information to conduct automated attacks called “credential stuffing,” CNN said.

That’s when hackers take the stolen information of millions of users and build a program that tries to log in to other online accounts like banking, retail and airline rewards. Ways to be extra cautious, CNN explained, is avoid clicking on links or opening downloads from unknown email addresses; never share any account information or passwords over email; and block access to your credit report. A strategy used by hackers is to work toward gaining an individual’s trust, and then victimize a person further.

Do you think technology companies are doing enough to protect your personal information?