PLAYA VISTA, LOS ANGELES (KABC) --Yahoo confirmed Thursday that a data breach of its service happened in late 2014, which may affect at least 500 million users.
It announced that user account information, such as names, email addresses, dates of birth and some passwords, were compromised in late 2014 by what it called a "state-sponsored actor."
The investigation, which the company said is ongoing, said stolen information did not include unprotected passwords, payment data or bank account information.
The company went on to say that the state-sponsored actor did not appear to be in Yahoo's network and that it was working with law enforcement.
Yahoo said its users who haven't changed their passwords since 2014 should do so in light of the recent hack.
The possibility of a major hack came to light in August, when one hacker claimed on a website that he was selling the information of 200 million Yahoo users from 2012.
He was selling them at more than $1,800, and the information may have included user names, decrypted passwords and personal information, according to tech publication Recode.
Yahoo had said it was aware of the hacker's claim and investigated the incident.
Additional information on the data breach is available on the Yahoo Security page, yahoo.com/security-update.
The breach could have an impact on the $4.8 billion sale of Yahoo to Verizon.