Yahoo announced on September 22, that user account information associated with at least 500 million accounts was stolen in late 2014.

The information stolen may include names, email address, telephone numbers, dates of birth, hashed passwords, encrypted and unencrypted security questions and answers. The ongoing investigation hasn't uncovered any evidence that unprotected passwords, payment card or bank information was included. Payment card and bank information was not stored in the affected system. Yahoo is notifying potentially affected users by email.

Yahoo has provided the following information:

As more information is collected through data breaches, it is important that everyone whether they have or have had a Yahoo account, protect themselves by taking the following steps.

  • Change your passwords. Not just on your Yahoo accounts but on any account that has personal or financial information of any sort. Don't reuse passwords.

  • Make passwords strong, long, and unique. The longer the password the harder it is to crack. You may want to use a password manager that can create strong passwords and then stores them in an encrypted vault.

  • Setup two-factor authentication where offered. With these sites, you enter a one-time use passcode sent by text or email in addition to your password. Some sites are skipping the password all together and will send you a passcode.

  • Change your security questions and answers on all of your accounts. The stealing of these from Yahoo is the biggest concern of some security experts. Make these unique on every site that uses them. Use made up answers not real because real answers can reveal more information about you.