Yahoo disclosed on Wednesday it had discovered another cyber attack in which data from more than one billion user account was compromised in August 2013, making it the largest cyber security breach in history.
“We believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016,” Yahoo said in a statement.
According to the company, the stolen details might have included names, email addresses, telephone numbers and date of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
An investigation carried out by forensic experts indicated that stolen information did not include passwords in clear text, payment card data or bank account information.
The company has begun requiring potentially affected users to change their passwords and invalidated unencrypted security questions and answers to avoid unauthorized access.
Yahoo also said on Wednesday that it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge cookies that would allow intruder to access users’ accounts without a password.
Earlier, Yahoo had blamed the 2014 breach, which affected at least 500 million users, on the hackers working on behalf of a government.