Yahoo revealed that at least 500 million of its accounts were hacked in 2014 and the company believes a state-sponsored actor was behind it all.
The massive security breach — which some are saying could be the largest of all time — was announced Thursday on the company’s investor relations page. Yahoo said that the stolen information might have included names, birthdates, email addresses, telephone numbers, and encrypted or unencrypted security questions and answers.
The company recommends that users who haven’t changed their passwords or security questions since 2014 do so now.
“The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information,” the notice read.
“Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords.”
Yahoo added that it is working with law enforcement.