Yahoo has confirmed that the accounts of over 500 million of its users were compromised in 2014. The company said that the breach might have been carried out by a "state-sponsored actor."
The breach is believed to have occurred in late 2014. Yahoo has started notifying its users, asking them to review their account for suspicious activities. The company has also asked its users to change their passwords and security questions.
In a statement released by Yahoo, the company said that the compromised account information may have included "names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."
According to CNN, the breached data is not believed to include sensitive financial information such as credit card data and bank account numbers. Yahoo said that it is cooperating with law enforcement officials to investigate the security breach.
Bloomberg reported that Yahoo was informed about a hacker claiming to possess data related to 280 million of its users.
Yahoo recently agreed to sell its web assets to Verizon for $4.83 billion. The deal is expected to be closed by early next year. Yahoo has reportedly informed Verizon Communications Inc. about the security lapse. However, according to Verizon, it was done "within the last two days."