SAN FRANCISCO — Do you still Yahoo?
The company, which along with AOL is now part of a Verizon subsidiary called Oath, disclosed Tuesday that a 2013 hack had potentially stolen the information of all of its 3 billion users at the time — or triple the number of vulnerable users it had earlier reported.
So if you had a Yahoo account then, it's time to refresh your account passwords.
But beware: this is prime time for scammers to prey.
After past breach announcements, Yahoo sent possibly affected users emails with advice on how to proceed. Look carefully, because not all emails that look like they come from Yahoo are legit.
Phishing emails from crooks masquerading as Yahoo may ask users to click on links. Yahoo's won't. They also won't contain attachments and never request users' personal information, the company says.
The company urges caution on an FAQ posted on its website.
"The email from Yahoo about this issue will display the Yahoo icon Purple Y icon when viewed through the Yahoo website or Yahoo Mail app," it reads. "Importantly, the email does not ask you to click on any links or contain attachments and does not request your personal information. ... Avoid clicking on links or downloading attachments from such suspicious emails."
Change passwords, security questions
Yahoo advises users to change their passwords and security questions and answers for any other accounts in which they used the same or similar information as with their Yahoo account.
Users should also consider enabling two-step authentication on their Yahoo accounts, to provide an extra and very strong level of security. This form of verification sends a text message or call to the user's phone with a code as a second verification step. The code must be typed in before the account can be opened.
Instructions on how to enable two-step authentication is on the Yahoo website.
Review non-Yahoo accounts
In addition, users need to think about passwords and security questions from other accounts on which they gave the same or similar information used for their Yahoo account and possibly change them as well.
Once hackers have access to ID and password information for one system, they routinely try the same combination against multiple other platforms to see which ones work, an easily automated process.
When in doubt
If you're stumped, contact the company at help.yahoo.com. Avoid dealing with someone who calls claiming to represent the company, and do not agree to pay for such services. All Yahoo assistance is channeled through the site, the company said.
Finally, all users should review their online accounts for suspicious activity. That includes banks, credit card companies and hotel and airline loyalty programs.
Contributing: Marco della Cava