Yahoo has confirmed that over 500 million user accounts were compromised in 2014. Yahoo is encouraging all their users to change their passwords, security questions and answers on Yahoo as well as any other site that uses the same information.
The concern is that many people use the same passwords and security questions on multiple sites, so anything that was obtained from the Yahoo attack could possibly be used to create new accounts or hack into other existing accounts on various websites.
The security breach is currently being investigated by law enforcement and the FBI.
The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
—Suzanne Philion, Senior Director, Corporate Communications at Yahoo