Yahoo confirmed Thursday that hackers accessed the account information of at least 500 million users’ in late 2014.
The Silicon Valley tech company, in a press release, accused “a state-sponsored actor” of perpetrating the data breach and stated the hacker was no longer inside Yahoo’s network.
The stolen information may include names, email addresses, telephone numbers, dates of birth and passwords, Yahoo stated. So far, the company doesn’t believe the hacked information includes credit card data or bank account numbers.
Last month, a hacker — who goes by the moniker “Peace” — said they were selling 200 million Yahoo users credentials online. At the time, Yahoo said it was “aware of a claim” but did not confirm a hack had occurred.
Yahoo is notifying the affected users and advising them to review their online accounts for suspicious activity. Hacked users may also want to change the passwords and security questions on other accounts that use access codes similar to their Yahoo account.
Yahoo has initiated programs to detect and notify users when a company suspects that a state-sponsored actor has hacked into an account. Since Yahoo launched the program in December 2015, approximately 10,000 users have received notices, not including the most recent hack.