There was a time when hackers sought out retailers’ computer networks, specifically their point-of-sale credit card networks, and used that access to steal credit card and debit card information. Over time, there’s been a shift in the way hackers operate.

After all, stealing your credit card information is a very limited prospect; all you have to do is cancel that card when you notice some suspicious activity, and their efforts will prove fruitless. That’s why hackers have upped their game, going after long-standing information and personal data rather than account numbers that can be changed. The most recent large scale data breach, one that affected more than 500 million accounts, proves that very point.

Several sources have now reported that Yahoo! has experienced a data breach, believed to be the work of foreign, state-sponsored hackers. The sheer volume of user account information that was compromised makes this possibly the single largest data breach in history.

But what would they even want with your personal email account? Plenty. The hackers made off with names, user names, hashed passwords, telephone numbers, and even birthdates and security questions. While no Social Security numbers should have been involved in the stored data, what was accessed is enough to do a world of identity theft damage.

With access to your email account, hackers can change your password and lock you out. From there, they sell the new information to criminals looking to make money off of your other existing accounts, like PayPal, Amazon, or your credit card accounts. By clicking “forgot my password” and responding to the link sent to your email account (which they now control), it becomes a race to see how much money they can make off of you before you’re able to correct the situation. And that’s only the financial damage they can do. If your account provides enough pieces of the identity puzzle, their work can prove to be far more costly in the long run.

So far, the information seems to date back to 2014, so if you’ve changed your password since then, you might be safe. Still, it never hurts to change your password anytime you hear news of a data breach.

Furthermore, one of the most important steps any tech user can take is to make certain to only use that password on one account. If you’ve reused your password, or if you’ve used easily guessed combinations to create your passwords, you run the risk of compromising all of your accounts.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.