Scott Barbour/Getty Images

On Thursday, Yahoo announced that hackers had compromised at least 500 million user accounts in 2014, stealing some number of names, passwords, email addresses, phone numbers, dates of birth, and security question answers. That's bad news if you have a Yahoo account, and just because the hack is two years old doesn't mean you should just throw up your hands and keep on keeping on. The first thing to do is immediately change your Yahoo password — pick a good one, and if you're having trouble, Edward Snowden has some pretty good advice.

In fact, "change all your passwords, especially if you use the same passwords for different sites," internet security analyst Hemu Nigam tells CNN. "When you look at your keychain you have a different key for your house, for your locker, for your bank. Treat your online world like you treat your physical world — in other words, a different password for everything that matters in your online world." Gizmodo's William Turton also suggests that whenever possible, turn on two-factor authentication, and be especially wary of strange emails.

Use your common sense, Turton says. "Don't click on links and definitely don't download any files unless you're sure you know who sent them. If the email sounds very dramatic or too good to be true, it probably is." If an email from an unknown sender asks for personal information, beware. You can read more advice (Turton suggests getting a Gmail account, though Gmail isn't immune to hacks) at Gizmodo, or learn more about the hack — including why Nigam is suspicious of Yahoo's claim the hack was "state sponsored" — in the video below. Peter Weber