Yahoo confirms massive data breach affecting 500 million accounts
Yahoo has confirmed personal data from 500 million accounts has been stolen in a massive security breach.
The hack dates back to late 2014, the web company said.
It only recently discovered the break-in as part of an ongoing internal investigation.
The stolen data includes users' names, email addresses, telephone numbers, birth dates, hashed passwords, and the security questions - and answers - used to verify an account holder's identity.
Last month, the tech site Motherboard reported that a hacker who uses the name Peace boasted that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the web.
Yahoo recommends that users change their passwords if they have not done so since 2014.
The Sunnyvale, California, company said its investigation so far has not found any evidence that information about users' bank accounts or credit and debit cards were swiped in the hacking attack.
It said it has "no evidence" that the attacker is still in Yahoo's network.
News of the security lapse could cause some people to have second thoughts about relying on Yahoo's services, raising a prickly issue for the company as it tries to sell its digital operations to Verizon Communications for 4.8 billion dollars (£3.7 billion).
That deal, announced two months ago, is not due to close until early next year.
The timescale leaves Verizon with wiggle room to renegotiate the purchase price or even back out if it believes the security breach will harm Yahoo's business.
That could happen if users shun Yahoo or file lawsuits because they are incensed by the theft of their personal information.
Verizon said it still does not know enough about the Yahoo break-in to assess the potential consequences.
"We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," the company said in a statement.