Yahoo user? Be ready to refresh your account passwords. But beware: this is prime time for scammers to prey.
The Internet company said late Wednesday as many as 1 billion user accounts may have been compromised in a breach that took place in August 2013.
That comes on top of a breach involving as many as 500 million Yahoo users that the company reported in September of this year but which took place in 2014.
Yahoo is reaching out to users, advising them to change passwords and upgrade their security.
It's also sending possibly affected users email. Look carefully. Not all emails that look like they come from Yahoo are legit.
Phishing emails from crooks masquerading as Yahoo may asks users to click on links. Yahoo's won't. They also won't contain attachments and never request users' personal information, the company says.
"If an email you receive about these issues prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails," the company said.