Yahoo has come out to confirm details of a hacking incident that involves half a billion Yahoo accounts, the biggest in history, and has urged those affected to update the locks on their accounts immediately.

The internet company's investigation reveals that the account information of 500 million users, including their names, emails, phone numbers, encypted passwords and security questions, were stolen some time in late 2014.

Yahoo believes that a "state-sponsored actor" is responsible for the massive data breach.

"Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," says Yahoo in an official press statement. "Yahoo is working closely with law enforcement on this matter."

In the wake of the Yahoo hacking incident, the company encourages users to change their security questions and passwords, especially those who have yet to do so since 2014.

Hacker 'Peace' And Claims Of 200 Million Yahoo Accounts Compromised

In August, a hacker who goes by the moniker "Peace" listed about 200 million supposed Yahoo accounts for sale online. Peace says that the Yahoo account credentials are from 2012 and sells them in bulk for about $1,800.

"It's as bad as that," a source tells Recode. "Worse, really."

Hacker Peace is believed to be the same one who reportedly hacked MySpace (427 million) and LinkedIn (117 million) accounts and sold them via the dark web earlier this year.

Following reports of the hacking, Yahoo officials admitted they were aware of Peace's claims and so were in the process of investigating the issue.

"Our security team is working to determine the facts," wrote Yahoo in an email responding to Motherboard's inquiry regarding the reported data breach. "Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms."

Motherboard says that it managed to get its hands on 5,000 records prior to the public listing. Testing a couple dozen accounts from the 5,000, Motherboard found that most of them did exist.

"This was done by going to the login section of Yahoo, entering the email address, and clicking next; when the email address wasn't recognised, it was not possible to continue," Motherboard revealed the testing method used.

"Well, better for me they don't do password reset," Peace told the publication.

Verizon and Yahoo: Possible Price Adjustment in Acquisition Deal

While Yahoo's press release has at least shed light on the worries of users, the findings of the investigation can also put a wrench in Yahoo's current business dealings, especially with Verizon, which is poised to acquire the troubled internet group.

"We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," Verizon said in response to Yahoo's revelation.

Big Red agreed to buy the struggling Yahoo for $4.83 billion back in July, prior to the hacking reports surfacing. The deal involves Yahoo's core business and is projected to be completed in the first quarter of 2017.

ⓒ 2021 All rights reserved. Do not reproduce without permission.