Yahoo Inc has said information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a "state-sponsored actor."
The data stolen may have included names, email addresses, telephone numbers, dates of birth and hashed passwords but may not have included unprotected passwords, payment card data or bank account information, the company said.
"The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," the company said.
Yahoo said it was working with law enforcement on the matter.
It was not clear how this disclosure might affect Yahoo's plan to sell its email service and other core internet properties to Verizon Communications Inc.
Verizon said in July it would buy Yahoo's core internet properties for $4.83 billion.
Verizon said it was notified of the breach in the last two days.
"We will evaluate as the investigation continues through the lens of overall Verizon interests ... Until then, we are not in position to further comment," the company said.
A spokesperson for the Office of the Data Protection Commissioner said it had been notified of the breach by Yahoo.
It said it has raised a number of issues with the company seeking further information and clarification and is awaiting a response.
Yahoo's European operations are regulated by the Irish Data Protection Commissioner, because its European, Middle East and Africa headquarters are in Dublin.