Yahoo believes more than 1 billion email accounts in a hack dating back to 2013. If you're a Yahoo Mail user, here's what you should do now.
Yahoo has discovered another major cyber attack dating back to August 2013.
The internet giant says more than a billion accounts may have been affected, although many users will have multiple accounts.
It suspects the hack is unrelated to a previous breach in 2014, which involved 500 million accounts.
It's believed the stolen data includes names, email addresses, telephone numbers, dates of birth, hashed (encrypted) passwords and, in some cases, encrypted or unencrypted security questions and answers.
Thankfully, payment card data and bank account information were not stored in the system that was believed to be affected.
The hack was uncovered as part of continuing investigations by authorities and security experts looking into the 2014 breach, according to Yahoo.
Check your credit report for anything suspicious
How did they do it?
Hackers used “forged ‘cookies’”. These are bits of code that stay in the user’s browser cache so that a website doesn’t have to ask them to login every time they visit, according to Yahoo’s chief information security officer, Bob Lord.
He added that it could allow fraudsters to access users’ accounts without needing a password.
What now?
At the moment Yahoo is contacing all users affected by the hack and asking them to change their passwords. It says steps are also being taken to secure accounts.
Stay safe online
Even if you weren't affected, it couldn't hurt to change your password. The National Cyber Security Centre (NCSC) recommends using three random words to create a strong password.
Email, social media and online banking accounts are the most important accounts to protect so it’s worth using three strong, separate passwords to protect them.
Avoid words related to you that are easy to guess such as your place of birth, your child’s name and your favourite sports team.
And, of course, never share your passwords with anyone or write them down.
Read more at How to make a strong password.
Check your credit report for anything suspicious
Keep yourself in the know:
Evil scam that could cost you a lot more than money
9 ways Christmas criminals can catch your out