Update: Yahoo has finally confirmed the breach and it’s even bigger than initially expected. The company said in a press release that the attack has affected 500 million users.

Here’s the official statement:

The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.

Several sources close to Yahoo claim the company is expected to confirm a massive data breach that has affected millions of users, Recode reports.

Sources haven’t specified the exact magnitude of the vulnerability to avoid possibly interfering with government investigations, but they point out the attack is widespread and serious.

Back in August, a hacker going by the moniker ‘Peace’ claimed he’s allegedly selling private information of over 200 million Yahoo accounts. The stolen data purportedly included birthdates, usernames, passwords and in some cases, details about email backups.

At the time, the company said it’s aware of the claim, but did not explicitly deny the authenticity of the rumors.

The announcement of the breach is expected to come this week and will likely also have an impact on the $4.8 billion sale of Yahoo’s core business to Verizon.

Still, I wouldn’t wait for the announcement to change my password – you don’t want someone leaking those naked pics you thought were kept safe.

We have contacted Yahoo for further details and will update this piece accordingly.

Update: Yahoo is yet to announce the breach, but it seems something’s up.

Oh boy, just got this on sign in: pic.twitter.com/bThjuGYVXj — Troy Hunt (@troyhunt) September 22, 2016

Yahoo is expected to confirm massive data breach, impacting hundreds of millions of users on Recode

Read next: This noise-blocking device promises to create a personal bubble of silence