NewsBite

Yahoo hack: What you need to do after one billion accounts were hit in world’s biggest data breach

PERSONAL information from one billion Yahoo users has been stolen in the world’s biggest data breach. This is what you need to do right now.

IF you have ever had a Yahoo account, you need to act now.

The news today of the world’s biggest data hack, in which hackers stole data from one billion people, has prompted security experts to warn consumers to tighten up their security.

Yahoo said some of the information stolen in 2014 in the massive hack included unencrypted security answers and questions.

That presents a massive problem for all of us who rely on standard, easy-to-remember questions and answers across our accounts, like the name of our first pet or the first street we lived on.

Although the list of affected Yahoo accounts has not been released to security experts yet, you can find out if your email address has been compromised in other major hack attacks at security sites such as Have I Been Pwned? and Heroic. If either site lists your email address as having been compromised, you need to change your password.

Here are six steps from Sophos security on what you need to do today:

1. Change your Yahoo password immediately

2. Reset this password if you’re reusing it on other online sites. Cybercriminals are now using tools that sniff out passwords reused on other, more valuable sites to make their work easier and to make the stolen passwords and other hacked data more lucrative on the dark web.

3. Make all new passwords different and difficult to guess — yes, you need to create different passwords for every site you visit

4. Include upper and lower case letters, numbers and symbols to make passwords harder to crack — refer to the Sophos Password Quick Tips guide for creating stronger passwords

5. Don’t trust password strength meters — these are unreliable and inaccurate

6. In general, it’s always good practice to update your passwords, password manager and security questions, if you hear of a potential data breach that might affect you. Even data breaches from several years ago could still impact you today.

Take the latest hacking of Yahoo’s email site seriously.

This is the second time in a few months that Yahoo has reported a massive data breach.

In September, Yahoo said 500 million accounts were hacked in 2014 in a state-sponsored attack in what was then the world’s biggest data breach. This new hack, which happened in 2013, is twice the size.

Yahoo said today information stolen by the hackers in the 2013 hit included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and unencrypted security questions and answers which could be used to access people’s accounts.

Yahoo has recommended that its users change their passwords and their security questions and answers for any accounts on which they have used the same information as for their Yahoo account.

It also urged its users not to click on links or download attachments from suspicious emails, and to be suspicious of unsolicited emails and phone calls asking for personal information.

Yahoo believes hackers stole data from more than one billion user accounts. Picture: AP

Yahoo’s security head Bob Lord has written a blog urging people to take steps to secure their accounts.

Lord says Yahoo users should visit the Safety Centre page for complete information and follow these steps:

1. Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;

2. Review all of your accounts for suspicious activity;

3. Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;

4. Avoid clicking on links or downloading attachments from suspicious emails; and

5. Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
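
The reuse check behind Sophos's step 2 and Lord's step 1 ("the same or similar information"), as an added example that is not part of the original article or of Yahoo's or Sophos's guidance. It assumes a password-manager export in CSV with hypothetical columns `site`, `username`, `password` and `security_answer`; the sample rows are constructed and the 0.8 similarity threshold is an illustrative choice.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed sample export; the column names are an assumption, not a real tool's format.
SAMPLE_EXPORT = """site,username,password,security_answer
yahoo.com,alex@example.com,Sunny-Day42,Rex
bank.example,alex@example.com,Sunny-Day42,Rex
shop.example,alex@example.com,sunny-day43!,rex
forum.example,alex,kT9#vQ2m!xLp7,Maple Street
"""

def normalise(value):
    """Lower-case and keep only letters and digits, so trivial variations still match."""
    return "".join(ch for ch in value.lower() if ch.isalnum())

def similarity(a, b):
    """Ratio in [0, 1] of how much two normalised secrets have in common."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()

def audit(export_text, breached_site="yahoo.com", threshold=0.8):
    """List (site, reasons) for accounts sharing secrets with the breached account."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    breached = next((r for r in rows if r["site"] == breached_site), None)
    if breached is None:
        raise ValueError(f"no entry for {breached_site} in the export")
    findings = []
    for row in rows:
        if row["site"] == breached_site:
            continue
        reasons = []
        if row["password"] == breached["password"]:
            reasons.append("same password")
        elif similarity(row["password"], breached["password"]) >= threshold:
            reasons.append("similar password")
        # Security answers were stolen unencrypted, so compare them loosely too.
        if normalise(row["security_answer"]) == normalise(breached["security_answer"]):
            reasons.append("same security answer")
        if reasons:
            findings.append((row["site"], reasons))
    return findings

if __name__ == "__main__":
    # Report only site names and reasons; never print the secrets themselves.
    for site, reasons in audit(SAMPLE_EXPORT):
        print(f"{site}: change now ({', '.join(reasons)})")
```

Every site it reports needs a new, unique password and new security answers; delete the exported file once the audit is done.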

Originally published as Yahoo hack: What you need to do after one billion accounts were hit in world’s biggest data breach


Original URL: https://www.themercury.com.au/technology/yahoo-hack-what-you-need-to-do-after-one-billion-accounts-were-hit-in-worlds-biggest-data-breach/news-story/162e3035b7fa0a3872d77b9da809888f