Information from at least 500 million Yahoo accounts was stolen from the company.
The information may have included names, email addresses, telephone numbers, dates of birth, and, in some cases, encrypted or unencrypted security questions and answers, Yahoo said.
Yahoo recommends that users who haven’t changed their passwords since 2014 do so.
The company said it was notifying potentially affected users and taking steps to secure their accounts. That included invalidating unencrypted security questions and answers and asking users to change their passwords.
Yahoo said that account holders should also change passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.
In addition, cautioned users to avoid clicking on links or downloading attachments from suspicious emails that claim to be updates from Yahoo about the breach. Hackers often use news of big breaches to conduct “phishing” campaigns. Yahoo users should be cautious of unsolicited communications that ask for personal information, the company said.
It also said that all users should review their online accounts for suspicious activity