Yahoo confirms data breach of 500mn users, blames 'state-sponsored actor'

© Denis Balibouse
Yahoo has confirmed a massive data breach that compromised the accounts of "at least" 500 million users.

The company revealed details of the hack in a statement on Thursday, confirming that information from "at least 500 million user accounts was stolen".

"A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor," read the statement.

Names, email addresses, phone numbers, dates of birth, passwords and both encrypted and unencrypted security questions and answers were stolen from millions of users. 

However, Yahoo doesn't believe the stolen information includes user payment card data or bank account information as that info is "not stored in the system".

News of the data breach was first revealed in August when notorious cyber criminal Peace_of_Mind [Peace] claimed he was selling data of millions of Yahoo users for around $1,800. Peace claimed that the number of user accounts affected was in the region of 200 million.

Due to the hacker’s previous success, the claim was considered credible and Yahoo launched an investigation but did not call on users to change their passwords.

READ MORE: 200 million alleged Yahoo user details up for sale on Darknet

"Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network," read the statement, adding that the investigation is ongoing and they are working with law enforcement.

Yahoo is in the process of notifying potentially affected users and has "taken steps to secure their accounts". However they're recommending any user who hasn't updated their password since 2014 to do so. 

The FBI has issued a statement saying it is "aware of the matter" and "will continue to investigate and hold accountable those who pose a threat in cyberspace". 

The concession comes at the worst possible time for the beleaguered internet company. Yahoo is about to finalize the $4.8 billion sale of its email service and other core internet properties to Verizon, and this development may have huge implications for the company.

Shareholder concern over the data hack confirmation could trigger an adjustment in the price of the transaction. The sale process is near completion but need to be first approved by a number of regulatory agencies and Yahoo shareholders before any deal is sealed.

READ MORE: Marissa Mayer may walk away from Yahoo divorce with $123mn

Shares of both companies were up 0.5 percent in late morning trading, compared with a 0.6 percent increase in the Nasdaq Composite index, according to Reuters.

Tech site Recode reported earlier Thursday that the company was expected to confirm the massive data breach shortly.