Internet giant Yahoo has urged people to change their passwords after admitting a data breach that involved the theft of information from at least 500 million user accounts.

The company said it believed a 'state-sponsored actor' stole information including names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.

An investigation is still continuing into the breach, which Yahoo said happened in late 2014.

The company said that the stolen information did not include unprotected passwords, payment card data, or bank account information, which is not stored in the system that was targeted.

A statement released by Yahoo added: 'The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network. Yahoo is working closely with law enforcement on this matter.'

Yahoo said it is notifying any potentially affected users and asking any users that have not changed their passwords in the last two years to do so.

A list of security tips published on the company's Tumblr platform yesterday read: 'Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.

'Review your accounts for suspicious activity.

'Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.

'Avoid clicking on links or downloading attachments from suspicious emails.'

Bob Lord, Yahoo's chief information security officer, said: 'An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries.

'Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.'

Network security company NSFocus said that the Yahoo breach had been originally reported in 2012, but that the numbers of users affected had been significantly underestimated.