Personal information from half a billion Yahoo users has been stolen, the company has said. Yahoo has said it suspects a "state-sponsored actor" is responsible for the hack and urged users to change their passwords.
The personal information stolen dates back to 2014 and may have included users' names, email addresses, telephone numbers, dates of birth and hashed passwords but may not have included unprotected passwords, payment card data or bank account information, the company said.
"Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry," Yahoo said in a statement on Thursday.
"Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account," the company added.
Access to personal data, including encrypted or unencrypted security questions, could allow hackers to access other online accounts.
Yahoo is recommending that users change their passwords if they haven't done so since 2014. The California-based company also said users should change passwords for other online services if their login information was identical to what they used for Yahoo.
"The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," the company said. "Yahoo is working closely with law enforcement on this matter."
Earlier this summer, Yahoo was reportedly looking into a cyberattack and the theft of data regarding of some 200 million user accounts, according to the technology news site Recode. "It's as bad as that," a source told Recode. "Worse, really."
The data breach could have implications for the sale of Yahoo's core business to US telecom Verizon for some $4.8 billion, a deal that still requires regulatory approval.
sms/jil (AP, Reuters, AFP)