Here's how to protect your Yahoo account from hackers

Yahoo's 3 billions accounts were hacked. Instead of deleting your account, it's better to mothball it and move to another email service like Gmail.

Matt Elliott Senior Editor
Matt Elliott is a senior editor at CNET with a focus on laptops and streaming services. Matt has more than 20 years of experience testing and reviewing laptops. He has worked for CNET in New York and San Francisco and now lives in New Hampshire. When he's not writing about laptops, Matt likes to play and watch sports. He loves to play tennis and hates the number of streaming services he has to subscribe to in order to watch the various sports he wants to watch.
Expertise Laptops | Desktops | All-in-one PCs | Streaming devices | Streaming platforms
Matt Elliott
3 min read

The biggest data breach in history just tripled in size. Yahoo announced Tuesday that every single one of its 3 billion accounts were hacked from a 2013 breach. At the time of the attack, Yahoo claimed 1 billion accounts had been hacked, but after Verizon took over Yahoo, the company investigated further and discovered that all of its approximately 3 billion accounts were affected.

Why you shouldn't delete your Yahoo account

In an earlier version of this story, I suggested you simply delete your Yahoo account and move to Gmail, but it appears doing so may open another workaround for hackers. Yahoo recycles old email addresses, which means that 30 days after your account is deleted, someone could open a new account with your old Yahoo email address and potentially use it to gain access to your other accounts. 

After opening an account with the address you vacated, a nefarious individual could impersonate you and fire off password resets requests to get into any of your other online accounts to which you've linked your Yahoo email. 

So, instead of deleting your Yahoo account, I suggest you change your password, turn on two-step verification, disconnect all connected services and move to Gmail while leaving your Yahoo account inactive.

Change your password

The first order of business is to change your password. The hack exposed your password so if you do anything, that one thing should be to change your password to a strong password or passphrase that you don't use for any of your other accounts. And if you have repeated your old Yahoo password on any of your other accounts, go ahead and change the password for those accounts, too. 

For Yahoo, log into Yahoo Mail, click the gear icon in the upper-right corner and click Account Info. A new tab will open. Click Account security on the left and then click Change password.

Turn on two-step verification

On the same Account security page where you changed your password, scroll down and click the toggle switch to enable Two-step verification. Enter your phone number and click the Send SMS button and then enter the verification code that Yahoo sent you. Now, someone will need to steal both your password and your phone to get into your account.

Disconnect all connected services

Head back to your Yahoo Mail inbox, click the gear icon in the top-right and click Settings. On the Settings panel, click Accounts on the left and you'll see the email accounts, social networks and cloud services connected to your Yahoo account. Click Disconnect on any that are listed as Connected to make it harder for a hacker who gains access to your Yahoo account from getting into your other accounts.

Switch from Yahoo Mail to Gmail

Gmail has a great tool to import data from other email accounts. Go to the inbox and click the gear-icon button in the upper-right corner and click Settings. Next, click Accounts and Import at the top of the page and then click Import mail and contacts. Here, you can enter your Yahoo email address and import your Yahoo data to Gmail. You can choose to import contacts, mail and new mail for the next 30 days.

Matt Elliott/CNET

Update, Oct. 4, 2017: This story was originally published Dec. 15, 2016 and has been updated to include new information.