Yahoo confirmed today that the information from at least 500 million user accounts was stolen by a “state-sponsored actor” in late 2014.
The stolen information may include names, email addresses, telephone numbers, dates of birth, hashed passwords, as well as encrypted and encrypted security questions and answers. The data does not include unprotected passwords, payment card data, or bank account information. The company also noted that it does not store payment card data and bank account information in the system that was hacked.
The company, which confirmed the hack after a “recent investigation,” said it is working with law enforcement, but did not clarify who a “state-sponsored actor” may be.
“Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry,” Yahoo said in a press release. The company also said customers should check their accounts for “suspicious activity” and change password and security questions for any accounts if they used similar passwords or information.