If you have a Yahoo account, you may have been hacked.
At least 500 million user accounts may have be compromised after copies of user account information was stolen from the network in late 2014, Yahoo! Inc. said Thursday.
This may be one of the largest cybersecurity breaches ever, CNN Money reports.
Yahoo believes a "state-sponsored actor" (someone acting on behalf of a government) was behind this data breach, and stole information including names, email addresses, telephone numbers, dates of birth, passwords, and in some cases encrypted or unencrypted security questions and answers.
Sensitive financial data, like bank account numbers and credit card information, isn't believed to have been stolen, Yahoo says.
People whose accounts may have been affected will be notified, Yahoo says, and the company has taken steps to secure their accounts. All users are urged to do the following to further protect their information:
- If you haven't changed your password since 2014, you should.
- Inspect your account for any "suspicious activity."
- If your password and security questions and answers for your Yahoo account are similar to the ones you use for other accounts, you should change them.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Consider using Yahoo Account Key – it's an authentication tool that eliminates the need to use a password.
Yahoo says data breaches from state-sponsored actors has become common in the tech industry as of late, noting it has a program that detects and notifies people if their accounts have been targeted. Yahoo's program launched in December 2015, and since then roughly 10,000 users have received a notice (not counting the estimated 500 million users who are likely affected by this breach).
How will this affect Yahoo?
Cryptologist Bruce Schneier told Fortune that it's too early to tell the kind of impact the breach will have on Yahoo and its users because there are still a lot of questions – like the identity of the state-sponsored hackers.
It's also not clear how this breach will affect Yahoo's deal with Verizon – the company said in July it agreed to buy Yahoo for $4.83 billion.
But some critics are calling this breach a disaster for Yahoo. Corey Williams, of the internet security company Centrify, told Consumer Affairs this may be "the straw that breaks the camel’s back."
Williams says Yahoo "may very well be facing an existential crisis," noting this incident isn't necessarily a story about passwords being stolen, but "more about how law security and poor handling of incidents can impact the very existence of a company."
Williams wasn't the only person to question Yahoo's relevance. Many took to Twitter following Yahoo's announcement to joke about how they were surprised to learn the company still exists, while others asked the hackers to let them know what their password is.