Information from at least 500 million Yahoo accounts was stolen from the company in 2014, and the company said Thursday it believes that a state-sponsored actor was behind the hack.

The information may have included names, email addresses, telephone numbers, dates of birth, and, in some cases, encrypted or unencrypted security questions and answers, Yahoo said.

Claims surfaced in early August that a hacker using the name "Peace" was trying to sell the usernames, passwords and dates of birth of Yahoo account users on the dark web — a black market of thousands of secret websites.

Yahoo recommends that users who haven’t changed their passwords since 2014 do so.

The company said it was notifying potentially affected users and taking steps to secure their accounts. That included invalidating unencrypted security questions and answers and asking users to change their passwords.

Yahoo account holders should also change passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.

In addition, avoid clicking on links or downloading attachments from suspicious emails that claim to be updates from Yahoo about the breach. Hackers often use news of big breaches to conduct "phishing" campaigns. Yahoo users should be cautious of unsolicited communications that ask for personal information, the company said.

Finally, all users should review their online accounts for suspicious activity.

USA Today