Users of Yahoo email accounts are being warned to change their login passwords and security settings, following the revelation of the largest reported hack of all time.

Yahoo made news of the hack public in September 2016, though the attack itself took place in 2013. At the time, the company stated that the personal data of up to a billion Yahoo users worldwide may have been compromised. This estimate has since worsened considerably - in September 2017, Yahoo confirmed that every user account ever created - up to three billion in total - had been affected.

User names, email addresses, passwords and dates of birth among the information stolen by the hackers. According to a BBC news report, around eight million UK Yahoo users had their account details compromised by the ‘cyber-breach’, though this estimate is expected to increase.

Yahoo security notice

If your own Yahoo account has been affected by the data breach and you've not previously been contacted, you should receive a security notice email from Yahoo. 

This will direct you through to Yahoo's help page, which has been set up to advise users what to do if their data may have been affected.

Yahoo stipulates that payment card data and bank account details should not be at risk, but plenty of personally identifying data has been compromised.

Beware Yahoo imitators

When hacks happen and official messaging follows, scammers are rarely far behind. In the weeks and months following the revelation of the hack, email users may see scam messages encouraging them to click through and update their details. The risk is this could lead you to a dangerous phishing site, where scammers harvest login details to exploit.

If you're unsure about the message you're receiving, avoid clicking through on any links. Instead, you can safely click our link to take you to Yahoo's official help page.

If you wish to speak to someone on the phone, then unfortunately official support is thin on the ground. Yahoo isn't offering direct phone support to customers over this matter.

Tread carefully here, too - we've heard from members who have contacted support numbers that have nothing to do with Yahoo and been upsold onto expensive tech support packages. Avoid anyone you're unfamiliar with if they're after remote access to your PC, or talking about potential problems as a result of the hack - this could be a scam.

Password change

Yahoo users should have received a notification from the company to update their password details. If you’ve not done so yet, make this a priority. Choose a secure word that mixes letters, numbers and icons.

Read our guide on how to create a secure password

ISP email addresses too

It’s not just users with Yahoo email addresses that need to take action. Yahoo provides some of the email address services used by BT and Sky broadband providers. BT or Sky email address owners, who’ve used their accounts since 2014, should change their password details to secure their accounts.

Not all BT and Sky accounts will have been affected, as Yahoo doesn’t provide the service for all users of these ISPs. To stay on the safe side, we recommend updating your password if you use a BT or Sky email account.