The company says information associated with at least 500 million user accounts was stolen from its network in 2014 by what is believes was a “state-sponsored actor”.
No further details of the perpetrator have been given.
The company says personal data including names, email addresses, telephone numbers, dates of birth and hashed passwords may have been stolen.
However, payment card data or bank account information is unlikely to have been accessed.
Yahoo says it has contacted all the clients affected and is working with police on the matter.
What should clients do?
Yahoo says it has taken all the steps necessary to protect its clients security.
However, the company is urging any user who has not changed their password since the end of 2014 to do so immediately.
Clients should also update their security questions, be wary about opening emails or downloading attachments from suspect senders and be prudent about any request for personal information.
They are also asked to monitor their accounts for any signs of suspect activity.
Sale to Verizon Communications Inc
It is not clear how this news might affect Yahoo’s plan to sell its email service and other core internet properties to Verizon Communications Inc.
Verizon said in July it would buy Yahoo’s core internet properties for nearly five billion dollars.
“We will evaluate as the investigation continues through the lens of overall Verizon interests. Until then, we are not in a position to further comment,” Verizon said in a statement. (Euronews)