Yahoo Inc said on Wednesday that it has identified a new breach that occurred in August 2013 and involved data associated with more than one billion user accounts, double the number affected in a different breach disclosed in September.
Yahoo said it believed the latest incident was likely distinct from the breach disclosed in September, when it said information associated with at least 500 million user accounts was stolen in 2014.
The 2014 breach was believed to be the world’s biggest known cyber breach by far.
The company, which is being acquired by Verizon Communication Inc for $4.83 billion, said an unauthorized third party had stolen the data in the latest breach and that it was working closely with law enforcement.
The company said it has not been able to identify the intrusion associated with the theft.
Yahoo said the stolen user account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Payment card data and bank account information were not stored in the system believed to be affected, the company said.
Yahoo, whose shares were down 2.5 percent in extended trading, said it is notifying potentially affected users and has taken steps to secure their accounts.
Verizon said, “we will review the impact of this new development before reaching any final conclusions.” Verizon shares were up 0.17 percent after hours.
(Reporting by Anya George Tharakan in Bengaluru; Editing by Savio D’Souza)