Following Another Massive Data Breach, Experts Warn Not to Trust Yahoo Anymore – Here’s How to Delete Your Account


Yahoo announced a new attack last evening, confirming that following data theft of 500 million users, personal data of 1 billion more users had been stolen by hackers. The company revealed that it suffered a hack in 2013. The hackers stole login and personal details of Yahoo users, including weakly hashed passwords. Following this second breach, security experts have warned that no one should trust Yahoo anymore.

The biggest concern being raised right now is that the tech giant failed to detect the breach when it happened in 2013, and has only now revealed details after being notified by a third-party. This means users were left at risk of identity theft, among other criminal uses of their personal data, for over 3 years. "Yahoo badly screwed up. They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward," Bruce Schneier, a cryptologist said.

Another concern is, of course, the disregard of user data security. Failing to prevent an attack is one thing, but storing passwords with weak encryption is a complete and sheer carelessness for a company that has data of billions of users. Data security should have been the number one priority for Yahoo. But, following its deal with Verizon, we have seen two of the biggest data thefts in the internet history affecting 500 million and then 1 billion users.

Yahoo confirmed in its announcement yesterday that user passwords were stored using MD5 hashing algorithm. First published in 1992, use of this encryption method was deprecated over a decade ago. "MD5 is strongly deprecated and this points to troubling software development security practices in Yahoo or its suppliers," Jonathan Care, a research director told Guardian.

"These accounts have been compromised for years and the sheer number of them means they have already been a large source of identity theft," Tyler Moffitt, senior threat research analyst said. "No one should have faith in Yahoo at this point."

Following September's Yahoo announcement of its last data breach affecting 500 million (employees said Yahoo was aware of it way before public disclosure), Verizon was reported to be asking for a $1bn discount from the agreed $4.8bn deal. Considering this time affected user base is twice the size of the last breach, it's likely Verizon will ask for a further $2bn discount, putting the deal at just $1.8bn. "We will review the impact of this new development before reaching any final conclusions," Verizon had said yesterday.

How to delete Yahoo account

Whatever happens to the deal with Verizon, Yahoo users are concerned about their own data security. While you cannot do anything about the breaches that happened in the past, you can certainly delete your Yahoo account and get out of this hellhole permanently. Users are also strongly advised to change passwords on all of other sites where you may have reused the same login credentials.

Here's how to terminate your Yahoo account:

  1. Sign into your Yahoo account.
  2. Go to Terminating Your Yahoo! Account page (link).
  3. Type your password, if asked (it wouldn't if you are already signed in).
  4. Type the CAPTCHA code. delete Yahoo account
  5. Click on YES Terminate this Account.

Your account will be deactivated and then deleted in approximately 90 days. Also, note that Yahoo "may allow other users to sign up for and use your current Yahoo! ID and profile names after your account has been deleted."

Yahoo also warns that your information "may remain in back-up storage for some period of time after your deletion request," which is vague and further puts user data at risk. For more details, visit this page.