Bob Lord, Yahoo's chief information security officer, said in a posting on the company's website that the company believes the theft was carried out by "a state-sponsored actor."
Information obtained in the hack may have included names, email addresses, telephone numbers, dates of birth, encrypted passwords and possibly security questions and answers. The investigation is continuing, Yahoo said.
Payment card data and bank account information are not stored in the affected system are are not believed to have been compromised, Lord said.
"The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," he said. "Yahoo is working closely with law enforcement on this matter."
The company said it was notifying potentially affected users, and urging people to promptly change their passwords and account verification methods.