"People's personal information must be securely protected under lock and key - and that key must be impossible for hackers to find."
Yahoo confirmed that while most user passwords were encrypted and not visible to hackers, many security questions and answers linked to accounts were. This has led to criticism from analysts over Yahoo's security set-up and failure to report the breach.
Alex Mathews, from online security firm Positive Technologies, said: "The elephant in the room is Yahoo's admission that 'encrypted or unencrypted security questions and answers' might be amongst the hackers' haul.
"If the investigation determines that this extremely sensitive information were stored unencrypted, then serious questions need to be answered as this lack of security will highlight serious failings by Yahoo in its responsibility to protect customers."
Yahoo has urged all users to change their passwords and security questions in wake of the breach.
