What information has been stolen?
Yahoo's chief information security officer, Bob Lord, said in a blog post Wednesday that account information taken “may have” included names, email address, telephone numbers and dates of birth. Lord also said that password information, though not passwords in plain text, may have been stolen, as well as some answers to security questions.
According to Yahoo, accounts on Tumblr — which Yahoo bought in 2013 — are not affected.
How about financial information?
Lord said financial information, including credit card numbers and payment card data, were not accessed. That information is stored in a separate system.
Still, users should check their credit scores to see if new accounts have been opened in their name, as this type of personal information can be used as a key to get enough information to open an account.
How do I know if I've been affected?
Yahoo will be contacting potentially affected users by email.
Beware of scam emails that may reference the Yahoo breach to try to pull more information out of you by asking you to “verify” information.
What should I do on my Yahoo account?
Users will be asked to change their passwords. Any unencrypted security questions and answers will be invalidated, meaning that users will have to submit new ones. If you haven't changed your password since 2013 — or if you had changed it to a password you may have used before 2013 after the previous breach — it's a good idea to change it again.
Also, if you had a Yahoo account in 2013 but have since closed it, you should change the credentials for any current accounts you have that might share a password or security question response with that old account.
Does Yahoo have a place where I can find all this information?
The company has set up a frequently asked questions page for anyone who may have been affected by the breach.