Yahoo said Thursday a massive attack on its network in 2014 allowed hackers to steal data from half a billion users and may have been “state sponsored.”
Yahoo, which confirmed details of the breach months after reports of a major hack, said its investigation concluded that “certain user account information was stolen” and that the attack came from “what it believes is a state-sponsored actor.”
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen,” a statement from the US internet giant in what is likely the largest-ever breach from a single organization.
It appeared that looted data did not include unprotected passwords or information associated with payments or bank accounts, the Silicon Valley company said.
Yahoo is asking affected users to change passwords, and recommending anyone who hasn’t done so since 2014 take the same action as a precaution.
Users of Yahoo online services were urged to review accounts for suspicious activity and change passwords and security question information used to log in anywhere else if it matched that at Yahoo.