Personal information of at least half-a-billion Yahoo users was stolen dating back to late 2014 by what it calls a ”state-sponsored actor.”
That includes names, email addresses, phone numbers, dates of birth and in some cases encrypted and unencrypted security questions and answers.
Yahoo says the ongoing investigation indicates that stolen information did not include unprotected passwords, payment-card date or bank account info.
The company says it’s notifying potentially affected users and taking steps to secure their accounts, such as invalidating unencrypted security questions and answers and asking users to change their passwords.
They should also change passwords and security questions and answers for any other accounts on which they use the same or similar information for their Yahoo account.
Users should also avoid clicking on links or downloading attachments from suspicious emails that claim to be updates from Yahoo about the breach, and review online accounts for any suspicious activity.