More than eight million user accounts in the UK have been affected by the Yahoo data breach.

The figure was given by the Information Commissioner's Office (ICO) after the US internet firm revealed that details of 500 million users had been stolen.

The ICO described the scale of the breach as "staggering".

Sky, which uses Yahoo as an email provider, is encouraging email holders to change passwords and security questions, in line with the US company's advice.

The company had about 2.5 million email account holders at the time of the breach in 2014 but the number affected is expected to be significantly smaller.

Sky, which owns Sky News, said: "Sky takes the security of our customers' data and information extremely seriously."

BT said a minority of its broadband customers had a "legacy email product from Yahoo".

It said: "We advise customers generally to reset their password regularly and we will be contacting affected customers specifically to help them keep their information safe."

Information Commissioner Elizabeth Denham said: "The vast number of people affected by this cyber attack is staggering and demonstrates just how severe the consequences of a security hack can be.

"The US authorities will be looking to track down the hackers, but it is our job to ask serious questions of Yahoo on behalf of British citizens and I am doing that today.

"We don't yet know all the details of how this hack happened, but there is a sobering and important message here for companies that acquire and handle personal data

"People's personal information must be securely protected under lock and key - and that key must be impossible for hackers to find."

Yahoo revealed the breach on Thursday, saying the information stolen may have included addresses, phone numbers and dates of birth.

It insisted unprotected passwords, payment card data and bank account information was safe, adding that it believed a state-sponsored hacker was responsible.

Verizon, the US telecoms firm which agreed to buy Yahoo's main internet operation in July, said it was alerted to the breach by Yahoo "within the last two days".

There was speculation the fall-out may have implications for the deal.

Verizon said: "We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities."

Users who might be affected are to be contacted by Yahoo, asked to change their passwords, and to use other ways of verifying their account.

Yahoo is under pressure to release more details on the attack and explain why it took so long to detect.