The hacker - known as ‘Peace’ - stole information including names, email addresses, telephone numbers, dates of birth, passwords, and security questions and answers.
The company has published a list of security tips on Thursday for users affected by the security breach, which took place in 2014:
“Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
“Review your accounts for suspicious activity. “Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
“Avoid clicking on links or downloading attachments from suspicious emails.”
Users can expect an email from Yahoo- pointing out that this will feature the purple "Y" for Yahoo icon. It won't contain any attachments, ask users to click on links, or request personal information.
Yahoo’s chief information security officer Bob Lord, said: “An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries.
“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”