Yahoo announces that data from as many as 500 million user accounts were stolen in a breach during 2014. The data breach poses many problems for Yahoo CEO Marissa Mayer as she tries to close a $4.8bn sale to Verizon Communications, which was only made aware of the leak two days ago. With the deal not set to close until early 2017, Verizon still has plenty of time to negotiate the price or decide whether the takeover is worth it. But what does the biggest data leak ever made public mean for you?

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo claimed in a recent statement on its Tumblr.

Yahoo suggests the hack may have been performed by a ‘state sponsored actor’ – polite jargon suggesting the hacker(s) were potentially acting on behalf of a foreign government. The California-based company did not explain why it had taken so long to disclose the breach or how it reached its conclusions about the hacker.

Last month, Motherboard reported that a hacker known as “Peace” claimed that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the dark web. However, given the timing, the significant size of the leak and the suggestion of state interference, this breach not only appears to be different but is also far more serious. Yahoo claims the FBI is now involved.

An FBI spokesperson told CNN, “The FBI is aware of the intrusion and investigating the matter. We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals.”

What you need to do

  • Change your Yahoo passwords whether you believe your account has been compromised or not.
  • Check your account for ANY suspicious activity.
  • All Yahoo users should also update all security questions and answers.
  • Other steps to protect your data include regularly changing your passwords, never using the same password twice and developing unique passwords with a password manager. This PCMag guide compares different options.

Have a nice (malware-free) day!