Yahoo has finally come out and reveal that it was hit with a massive data breach that affected 500 million user accounts. The company says that the hack took place back in 2014 and it believes that it was state-sponsored. The company did not reveal which state/country it believes sponsored the hack or why.
Yahoo went ahead to reveal that the data breach exposed important account details that include user email addresses, birth dates, names, hashed password, phone numbers and even security questions and answers.
Yahoo is still conducting investigations but it says that it does not believe information such as plain text passwords, bank card data or bank information was exposed to the hackers. This is because it does not store the payment data on the system that was breached. The company has also revealed that the hackers do not have access to the Yahoo network at this time.
Yahoo is currently notifying users who are among the 500 million that had their accounts breached. If you have a Yahoo account, you should expect the same but in the meantime you can go ahead and change your password just to be safe. You should also make sure you Activate Yahoo Account Key, this is a sort of two step authentication and will send a notification to your phone if someone attempts to sign in to your account.
Yahoo has also revealed that it is invalidating unencrypted security questions and answers so you will not be able to use those for now.
To protect yourself further, you should avoid clicking on links and downloading attachments from any emails. You should also avoid and trash unsolicited emails that seek your personal data.