Editors note: This story was published by Recode on September 20, 2016, after it was revealed that 500 million Yahoo user accounts were breached. On December 14, Yahoo said it was the victim of an even bigger hack (read about it here).
If you've ever signed up for an account with Yahoo, there's cause for concern. The company confirmed today, after Recode broke the story last night, that 500 million user accounts were breached in a massive hack.
That's larger than the population of the United States and Mexico combined.
Yahoo says the attack likely included email addresses, passwords, names and phone numbers — not payment card data or bank account information.
More from Recode:
Elon Musk is expected to urge Trump not to abandon the Paris climate agreement
On the first day in SF, Uber's self-driving car ran a red light
Sheryl Sandberg, Tim Cook and Larry Page walked into Trump Tower. Here's what happened next.
But our email accounts are packed with personal information. We send people we trust our account details for all kinds of services over email, and whether it's as benign as a Netflix password or as potentially devastating as a pornography website login or credit card number, we expect our email accounts to be password-protected and private.
If you have a Yahoo account, here's what you should do.
Not just your Yahoo account. Make a list of all the online accounts where you store sensitive information. Update all your passwords to make them long and strong. Be sure to give each separate account a unique password, too. No repeats.
The best way to keep track of all your new passwords is with a password manager, which stores all your account details in an encrypted vault on your smartphone and your desktop. You can find some great free or extremely cheap ones online. Do some digging and find an option that works best for you.
If your Yahoo account information is indeed for sale, someone can hack into your email and find information you'd rather keep locked safe. Search your emails for sensitive correspondence, delete liberally and empty the trash folder.
Then visit the account settings of services you've connected to your Yahoo account and disconnect them immediately.
Gmail is endorsed by security researchers for being a secure service that most people can trust. If you want an airtight layer of protection, you can always setup a PGP key so only the intended recipient can decrypt your emails.
If you want to log in to your accounts, you should be able to verify you're the one trying to log in and not someone else. That means employing more than just an easily sharable password to authenticate your login attempt.
Most services offer the option to text a code to a phone number on file for your account so only a person with both your password and your cellphone can access. Make sure all your apps and services are fully updated to take advantage of any recent security improvements.
Hackers often try to bait people into opening emails or attachments that may contain malware. Don't open the email if you're unsure. And if you do open an email and then decide it might be a hacker, do not open the attachments. Delete it.
—By April Glaser, Recode.net.
CNBC's parent NBCUniversal is an investor in Recode's parent Vox, and the companies have a content-sharing arrangement.