A 2013 security breach at Yahoo affected three times as many accounts as the company first thought, a new announcement says.
Verizon had investigators look back at the data breach as part of its integration with Yahoo.
They say the hackers did not steal any bank account or payment card numbers. What they did steal were names, email addresses, telephone numbers, birth dates, hashed passwords, and security questions.
Last year Yahoo made the one billion account holders they knew were affected change their passwords and their security questions.
Now they'll send emails to another two billion people advising them to do that, too.
Beware of phishing scams
As Yahoo prepares to send out a couple billion emails, you can bet that scammers will be reaching out, too.
On a web page answering FAQs about the security breach, Yahoo says its emails will not include any links or attachments.
So if you get an email about your Yahoo account asking you to click on a link or open an attachment, you can be sure that's a phishing scam.
Besides changing their passwords and security questions, Yahoo also suggests people consider using a two-step verification. That's where they send a code to your phone for you to enter before you can open your account.
Yahoo now part of Oath
Verizon is combining Yahoo and other brands including AOL into a new company called Oath.
Even though Yahoo is getting absorbed, it's apparently still getting investigated, too. The Wall Street Journal reports the Securities and Exchange Commission is looking at why it took the company so long to report the data breaches and whether they broke any laws by delaying.