Yahoo revealed 500 million user accounts were breached in 2014 by an unnamed "state-sponsored actor" in one of the biggest cybersecurity breaches of all time.
The pioneering web company, in the verge of closing its $4.8 billion sale to Verizon, announced the breach after weeks of speculation after Motherboard reported a hacker listed a database of 200 million Yahoo accounts for sale on the dark web marketplace The Real Deal.
In a statement, the company said there is "no evidence that the state-sponsored actor is currently in Yahoo's network," and that the company is cooperating with law enforcement. The company adds that users can visit a security FAQ page in order to learn more about what they can do to secure their accounts (free tip: reset your password).
Earlier on Thursday morning, Recode's Kara Swisher reported that Yahoo was going to announce a breach of around 200 million user accounts. Though the company took its time with the official announcement, it eventually revealed news that was far worse than expected. The company started notifying some Yahoo email users to reset their passwords on Thursday morning.
In a statement, Verizon said it was only notified of the breach two days ago. The company said it is not commenting further for the time being.
As for what was actually taken, the company says that "names, email addresses, telephone numbers, dates of birth, hashed passwords... and, in some cases, encrypted or unencrypted security questions and answers" may have been compromised.
There were some warning signs that this hack was coming. In early August, Motherboard reported that a hacker named "Peace" was shopping around hacked Yahoo accounts. At the time, Yahoo declined to confirm or deny whether the hack was legit.
While Yahoo is a long way from its heyday a decade ago, the company remains one of the largest on the web in terms of active user accounts.