Back in 2014, Yahoo experienced a serious data breach of millions of its accounts, though it never publically revealed just how many. Today, the company posted an official message on its Tumblr blog, announcing that 500 million accounts were compromised in what the company believes was a “state-sponsored” act.
Yahoo says the information gathered from these compromised accounts includes names, email addresses, telephone numbers, birthdates, hashed passwords, and in some cases encrypted or unencrypted security answers. The company says that the stolen information didn’t include unprotected passwords, credit card, or bank information.
Despite that, because of the nature of the leak, Yahoo is suggesting that affected customers should change their security questions for any accounts that may use the same questions. They’re working closely with law enforcement to determine who was behind the hack, but customers should follow these safety steps to avoid information being used to get into other accounts.