Yahoo confirmed Thursday that at least 500 million user accounts were compromised in a hack.
The company said copies of certain user account information was stolen in late 2014 “by what it believes is a state-sponsored actor.” Compromised information may include names, email addresses, phone numbers dates of birth, passwords and security questions and answers.
“Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” the company said in a statement Thursday. “The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.”
Yahoo acknowledged earlier this year that it was investigating such a breach but did not say whether the hack had actually taken place. It did not require users to reset their passwords.
The company said its ongoing investigation indicates no unprotected passwords, payment or bank account information was stolen. Owners of affected accounts are being notified by Yahoo, which encouraged people to change their password.
The internet company is poised for sale to Verizon, a transaction that may be complicated by revelations of a data breach. The $4.8 billion deal has not yet been approved by regulators or Yahoo shareholders.