Yahoo said Thursday that usernames and passwords of its email customers were stolen and used to access accounts.
The company isn't saying how many accounts have been affected, but there are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.
If you are one of those 273 million, there are some important steps you should take to keep your identity and information safe.
Yahoo Inc. said in a blog post on its breach that "The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails."
That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.
The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.
Yahoo said it believes the usernames and passwords weren't collected from its own systems, but from a third-party database. It's not clear why a third-party database would have information on Yahoo accounts.
What To Do If You've Been Hacked:
Yahoo said on its blog that it has prompted users to reset passwords to protect their accounts.
To stay safe, Yahoo recommends you:
1) Change your password regularly.
2) Never use the same password on multiple sites, a practice Yahoo says makes people particularly vulnerable.
3) Use different variations of letters, numbers and symbols in your passwords.
4) Beware of "phishing" emails that ask you to update passwords or enter other personal information.
5) Clear your computer of viruses or malware.
6) Notify your friends and family as soon as possible if you believe you were hacked, and warn them not to open anything from your compromised email address.
7) Check your personal email settings. The hacker may have created an email forwarding rule. Also check whether the hacker changed your automatic signature or added a malicious link.