The company has confirmed that "at least" 500 million Yahoo accounts were compromised in an attack in late 2014.
In this attack, user information such as names, email addresses, phone numbers, dates of birth, passwords, and both encrypted and unencrypted security questions and answers were leaked.
Yahoo does not believe that unsecured passwords, payment card details, or bank account information were accessed, as data is not stored on the system that was hacked. According to the company, this hack was carried out by a "state-sponsored agent" and it is working closely with the police on a full investigation.
Since yesterday, Yahoo is notifying all affected users of this circumstance and is asking them to change their passwords immediately if they haven't done so since 2014. All compromised security questions and answers have also been invalidated.
Yahoo has put out a set of recommendations for all customers who may be affected:
-Change your password and security questions and answers for any other account where you use the same or similar information that you use for your Yahoo account.
– Check your accounts for suspicious activity.
– Be wary of unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
– Avoid clicking links or downloading attachments from suspicious emails.
– Also, please consider using the Yahoo Account Key, a simple authentication tool that completely eliminates the need for a password.
Earlier this summer, Yahoo said it was investigating a data breach after hackers began selling account access. The full scope of the attack has not been revealed until today, and perhaps Could Affect Yahoo's Sale to Verizon.