If you use Yahoo Mail or any of its services (Tumblr, Flickr, Fantasy Football), you need to act now.
The company confirmed on Thursday a massive data breach that affected at least 500 million user accounts.
According to a long investigation that left users unaware for years, leaked account information may include names, email addresses, telephone numbers, dates of birth, hashed password, encrypted or unencrypted security questions and answers. That means passwords may not have been leaked, but it doesn’t mean you shouldn’t change them.
Yahoo is expected to notify any potentially affected users, but anyone can follow these steps to better secure their accounts.
Yahoo has invalidated unencrypted security questions of those users it believes have been affected. Affected users will need to update their accounts, but anyone should go and change their password, especially if it hasn’t been updated since 2014 when the breach occurred.
2. Change your passwords, security questions that match Yahoo’s