In a statement released today, Yahoo said a hack of its network in late 2014 breached information related to at least 500 million user accounts. The company says it believes "a state-sponsored actor" is responsible for the hack.
Company suggested changing passwords immediately
"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," Yahoo said in the statement. The company added, however, that the hack "did not include unprotected passwords, payment card data, or bank account information."
A hacker was recently found to be selling information related to 200 million accounts, although today's announcement suggests the scope of the breach was wider than believed. Yahoo said it is working with law enforcement on an investigation, although it did not provide any details on why it believed the hack was state-sponsored.
Recode first reported that Yahoo's announcement was forthcoming. Verizon is currently moving to acquire Yahoo, a deal that Recode reports may be frustrated by today's news.
Verizon says it's now "evaluating its interests" with regards to Yahoo. — Dave Lee (@DaveLeeBBC) September 22, 2016
Yahoo said in its statement that anyone with an account who has not changed their password since 2014 should change it immediately.