According to Yahoo's latest security announcement, information from at least 500 million Yahoo accounts was stolen from the company back in 2014.
While Yahoo is working closely with law enforcement to get down to the bottom of this matter, they strongly believe this breach involves a state-sponsored actor.
Among the information stolen and currently being sold on the dark web includes names, birth dates, email addresses, phone numbers, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers.
Yahoo is in the middle of notifying all potentially affected users but suggests all users be proactive and change their passwords and adopt alternate means of account verification.
"Through strategic proactive detection initiatives and active response to unathorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure," claims Yahoo.
This breach could not have come at a worse time for Yahoo, in terms of their current financial situation. Yahoo has been said to be completing its $4.8 billion sale to the media giant Verizon Communications, leaving many feeling concerned with who will be taking responsibility for this massive data breach.
Learn about NNT's Breach Detection solutions
Read Yahoo's security announcement here