In a release posted today, Yahoo (NASDAQ: YHOO) said it has “confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor” and that at least 500 million user accounts had been exposed.
Moving forward, the company said it would notify affected users and has already take steps to secure those accounts. The company also recommended changing passwords on Yahoo accounts if they have not been changed since 2014, which is when the company said the theft occurred.
Recode said the announcement may affect Yahoo’s pending sale of its core assets to Verizon Communications (NYSE: VZ). Yahoo had not replied to Recode with a comment about the report as of this morning.
Recode noted that there were reports this summer of a major breach; Yahoo said at the time that it was investigating. A separate report by Motherboard said a hacker, identified as Peace, claimed to have obtained 200 million Yahoo user credentials that he had been selling privately but then decided to sell more openly. That report said the data appeared to include usernames, hashed passwords, dates of birth and some backup email addresses.
Verizon’s $4.8 billion deal with Yahoo was announced in July.