(ABC News) - Popular web portal Yahoo said today that it believes a "state-sponsored actor" stole information relating to some 500 million user accounts from its network at the end of 2014.
The stolen information, according to Yahoo, could include names, email addresses, dates of birth, telephone numbers, password information, and possibly the question-answer combinations for security questions, which are often used to reset passwords.
The company also said that bank and payment card information does not appear to have been stolen in this data breach, according to the investigation so far.
The security questions, the company said, may have been stolen in encrypted or unencrypted forms.
The company said that the password information that was stolen was "hashed passwords."
As a matter of standard practice, most websites do not store passwords in their databases. Instead, passwords are run through a one-way formula, which generates a hash -- a string of random characters that is stored on the server. Every time a password is run through the formula, the same hash is generated.
However, the formula cannot be reversed, meaning that hashes cannot be converted into passwords. In this way, passwords can be verified -- without storing them on the server -- by comparing the hash stored on the server with the one generated by the password provided by the user at each login.
So, while the actual passwords likely haven't been stolen, the method of hashed passwords is not a foolproof practice because hashes can be generated from guessing passwords.
Yahoo said that it is contacting users who might have had their information stolen.
It said that it was "invalidating" security questions that were unencrypted.
Most importantly, it is urging users to change their passwords, if they haven't done so since 2014.
News of the hack comes two months after the company announced that it would be sold to Verizon for about $4.83 billion.
This is a developing story. Please check back for updates.
Copyright (c) 2016 ABC All Rights Reserved