On Thursday Yahoo announced that some 500 million user accounts were stolen in a hack dating back to late 2014. According to an official statement, included in the 500 million were names, email, birthdates, passwords, security questions (with answers), and phone numbers.
Revelations of the hack came after an investigation by the company which was initiated by the company’s routine security searches—even though if it’s routine it should’ve been picked up and announced last year. What is known is that Yahoo believes a state-sponsored entity carried out the attack, even though its own investigation shows no evidence of this.
While Yahoo is working alongside law enforcement, users hit by the attack are being contacted by the company. As is usually the case with these kinds of attacks, users are encouraged to take steps to protect their account information—especially users who haven’t changed up their passwords since 2014.