Yahoo has confirmed reports that millions of its users have had information compromised when "certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor."
The company said that the ongoing investigation, which involves law enforcement, has uncovered that information associated with at least 500 million accounts has been stolen.
"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," the company said in a statement Thursday.
"The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected."
Customers are encouraged to review their accounts for suspicious activity and change their password, security questions and answers for other accounts that may be similar to Yahoo accounts, especially if they have not done so since 2014. Yahoo also asks customers to consider using a Yahoo Account Key, which it says eliminates the need to use a password.
The company is notifying users. More information is at the company's Security Issue FAQs page.