Yahoo has confirmed a huge data breach affecting 500 million accounts. The hack occurred in late 2014.
The stolen data includes users' names, email addresses, telephone numbers, birth dates, hashed passwords, and the security questions - and answers - used to verify an account holder's identity.
This isn't the first we've heard of the breach. Last month, the tech site Motherboard reported that a hacker going by the name "Peace" boasted that he had account information belonging to 200 million Yahoo users and was trying to sell data on the web.
Yahoo is blaming the hack on a "state-sponsored actor". They also say that they think unprotected passwords, payment card data and bank account information hasn't been affected, which will come as a relief to many.
It said it has "no evidence" that the attacker is still in Yahoo's network.
News of the security lapse comes at an awkward time for Yahoo, as it tries to sell its digital operations to Verizon Communications for 4.8 billion dollars (£3.7 billion). The deal was announced two months ago, and is not due to close until early next year.
This timescale leaves Verizon with wiggle room to renegotiate the purchase price or even back out if it believes the security breach will harm Yahoo's business. The latter is not out of the realms of possibility, and could happen if users shun Yahoo or file lawsuits against the company.
Verizon said it still does not know enough about the Yahoo break-in to assess the potential consequences. "We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," the company said in a statement.
For now, Yahoo is recommending that users change their passwords if they have not done so since 2014. If you have been affected by the hack, you can learn a bit more from the company itself here.