The biggest data breach in history just tripled in size.Tuesday that every single one of its 3 billion accounts were hacked from a 2013 breach. At the time of the attack, Yahoo claimed , but after Verizon took over Yahoo, the company investigated further and discovered that all of its approximately 3 billion accounts were affected.
Why you shouldn’t delete your Yahoo account
In an earlier version of this story, I suggested you simply delete your Yahoo account and move to Gmail, but it appears doing so may open another workaround for hackers. Yahoo recycles old email addresses, which means that 30 days after your account is deleted, someone could open a new account with your old Yahoo email address and potentially use it to gain access to your other accounts.
After opening an account with the address you vacated, a nefarious individual could impersonate you and fire off password resets requests to get into any of your other online accounts to which you’ve linked your Yahoo email.
So, instead of deleting your Yahoo account, I suggest you change your password, turn on two-step verification, disconnect all connected services and move to Gmail while leaving your Yahoo account inactive.
Change your password
The first order of business is to change your password. The hack exposed your password so if you do anything, that one thing should be to change your password to a strong password or passphrase that you don’t use for any of your other accounts. And if you have repeated your old Yahoo password on any of your other accounts, go ahead and change the password for those accounts, too.
For Yahoo, log into Yahoo Mail, click the gear icon in the upper-right corner and click Account Info. A new tab will open. Click Account security on the left and then click Change password.
Turn on two-step verification
On the same Account security page where you changed your password, scroll down and click the toggle switch to enable Two-step verification. Enter your phone number and click the Send SMS button and then enter the verification code that Yahoo sent you. Now, someone will need to steal both your password and your phone to get into your account.
Disconnect all connected services
Head back to your Yahoo Mail inbox, click the gear icon in the top-right and click Settings. On the Settings panel, click Accounts on the left and you’ll see the email accounts, social networks and cloud services connected to your Yahoo account. Click Disconnect on any that are listed as Connected to make it harder for a hacker who gains access to your Yahoo account from getting into your other accounts.
Switch from Yahoo Mail to Gmail
Gmail has a great tool to import data from other email accounts. Go to the inbox and click the gear-icon button in the upper-right corner and click Settings. Next, click Accounts and Import at the top of the page and then click Import mail and contacts. Here, you can enter your Yahoo email address and import your Yahoo data to Gmail. You can choose to import contacts, mail and new mail for the next 30 days.
Update, Oct. 4, 2017: This story was originally published Dec. 15, 2016 and has been updated to include new information.