The malware attack that took advantage of Yahoo’s Java-based ad network around Christmas Eve was far greater than anticipated, the company confirmed in a post (via CNET) on its help web pages. Initially believed to have affected only European users on January 3, 2014, the malware ad attacks were then said to have occurred during December 31, 2013 – January 3, 2014. But Yahoo on Friday revealed the attack actually took place between December 27, 2013 – January 3, 2014, and affected users outside of the European Union as well.

It’s not clear how many users may have been affected by the hack, although initial estimates from security companies said that up to 2 million machines might have been compromised during a four-day attack. Yahoo says that the attack happened after an account was compromised, without revealing more details about said account. However, the company says the account has been shut down, and it’s currently investigating the incident with help from law enforcement.

Yahoo isn’t offering specific help resources to users that “think” they may have been affected by the hack. Instead, it’s offering standard tips to Windows users, advising them to make sure that the latest Windows patches are installed, update to the latest version of Java and Adobe, and use an antivirus program that’s updated regularly. Apparently, only Windows users have been targeted by the ad hack.

According to previous reports, users that visited Yahoo sites including Yahoo Mail and Yahoo IM may have been served with malware ads that could have installed malicious code on their PCs for different purposes. Some of the programs installed turned those machines into Bitcoin miners, while others could have been used to steal personal information.