It appears that millions of users were affected by the 2014 attack on Yahoo’s servers. The company’s claim that state-sponsored hackers were behind the data breach was rejected by security firms. The massive incident, so it seems, was carried out by a group of hackers called “Group E” based in eastern Europe, which works with spammers.
The data that Group E had was: user ID, password, phone number, and zip code. They sold the information.