Last night Yahoo disclosed what is thought to be the largest cyber attack in history.
Up to 1bn accounts are thought to be affected by the hack, which Yahoo said took place in 2013.
How do you know if you've been affected? And what should you do if you have? We've answered all your questions here:
So. What exactly happened?
Yahoo said last month US law enforcement showed it proof it had been hacked in August 2013, with data stolen from a billion user accounts.
Separately, it said its forensic experts have been investigating the creation of forged cookies which could give an intruder access to users' accounts without a password, sometime during 2015 and 2016.
How do I know if I'm affected?
Yahoo has sent out emails to everyone it thinks could be affected, so check the recovery email address you use for Yahoo to find out whether you're one of the lucky billion.
What do I do now?
Sign into your Yahoo account(s) and change your password – and, potentially, the passwords of any associated email addresses which are similar. Yahoo has suspended its security questions and answers. Instead it will send an eight-digit Account Key to your recovery email address.
Which services does it affect?
Although Yahoo hasn't specified which services are affected, it ruled Tumblr accounts out of both the hack or the forged cookies. Which, presumably, means all its other services – including Yahoo-branded services such as Yahoo Finance and Yahoo Answers, as well as Flickr and Rivals.com. We've asked Yahoo for more details.
Right. This all sounds very familiar…
Yep – that's because in September this year Yahoo made a similar disclosure, saying a massive data breach in 2014 had compromised as many as 500m accounts.
Last night's disclosure is not thought to have been associated with September's hack – which means that, potentially, 1.5bn people's account details could have been stolen in the past three years. Merry Christmas…