On September 22, Yahoo! announced that some 500 million email accounts had been compromised. If you have email that ends in att.net, you very well might have had your email password and other personal information stolen. Here's what you need to know if you're an att.net customer through the company's DSL service, U-Verse, or other products.
“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”It's all the rage now to blame rogue governments for any kind of data breach, so it's no wonder that Yahoo is using that tactic. Regardless of who stole the att.net information, it's freely available on the Dark Web, and that means your email information, as well as anything you've associated with the account could end up in the hands of Bad Guys.
If you call AT&T to get some help with this problem, a few things will happen. First you'll be told that they don't know for sure if you're information has been compromised. That's true, but if there's even a slight chance that it has been stolen, changing your password is the smart thing to do. You'll also be told that if you change your email password, it will not affect any password information on other AT&T services such as television or wireless that may be associated with your AT&T account. That is a flat-out lie. In most cases, if you change your email password, everything you have connected to AT&T will have its password changed as well. And there's no way around that happening.
All of that will get you through the first part of the process of trying to protect your email, But what do you do in the long run? Far and away the smartest thing to do is get away from any service running on Yahoo's servers. At some point
AT&T may wise up and change to another email provider, But for now if you want to keep your AT&T address you are stuck with Yahoo. There are dozens of other good free email services out there and unless you rely on your current att.net email address for critical items, you might want to retire it temporarily and use another service.
Another thing you can do is just dump AT&T email for good. It's pretty easy to export all of your data to other services, forward email from AT&T to your new address, and most likely be safer than you are today when it comes to the security of your personal information. That's what I'm doing, and what I'm advising my family to do as well.
And, sadly, there WILL be a next time.