It's time to change your Yahoo password, again – and perhaps consider a new email provider – following the company's confirmation (opens in new tab) that more than one billion user accounts were breached by an "unauthorized third party" back in August... of 2013.
The timing is especially poor (though we guess there isn't exactly a good time to be hacked) following Yahoo's announcement in September of this year that a separate security breach back in 2014 compromised at least half a billion accounts.
Though both egregious events are similar, Yahoo believes this new incident "is likely distinct" from the one that took place in 2014.
The attack appears to have been the work of forged cookies – software saved to a browser normally used to track user information and preferences while surfing the web – but the investigation is still ongoing.
What data was taken?
Yahoo states information nabbed from the one billion-plus accounts could contain data ranging from names, emails, phone numbers, birth dates, hashed passwords, and, in some cases, security questions and answers.
It appears that payment and bank account information were not included in the list of data compromised by the breach, but we'll just go ahead and say you should always be ever-vigilant of your finances following situations like these.
What should you do?
Yahoo claims to have taken steps to work directly with affected users and secure their accounts, but urges all users to follow the usual steps one takes when these things happen: change passwords, revise security questions, and keep an eye out for any suspicious activity on your account.
Yahoo has also posted a filled with information relevant to those who may be affected, or our just curious to learn more. For what it's worth, Tumblr users can take it easy as seemingly no data from the blogging service was compromised.