Internet pioneer Yahoo has identified a new system breach from August 2013. The violation involved data of more than one billion user accounts - double the number affected in a different breach disclosed in September.
Yahoo Inc said on Wednesday that it has identified a new system breach that occurred in August 2013 and involved data associated with more than one billion user accounts.
The company, which is being acquired by Verizon for $4.83 billion (4.58 billion euros), said an unauthorized third party had stolen the data and that it was working closely with law enforcement.
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Payment card data and bank account information was not stored in the system believed to be affected, the firm added.
Double affected users
Users are now required to change their passwords so they can't be used to hack into accounts. Security questions linked to accounts are also being invalidated.
The company believes that the incident is unlikely to be connected to the breach it previously disclosed in September. In that particular case - which was thought to be the world's biggest known cyber breach - information associated with at least 500 million user accounts was stolen from its network in 2014.
Fall from the top
The latest breach discovery is a further embarrassment for Yahoo, which at one time was one of the biggest names of the internet but failed to keep up with rising stars such as Google and Facebook.
The incident is also likely to raise questions about Verizon's proposed acquisition of Yahoo, and whether the mobile carrier will look to modify or abandon its bid.
In a statement, Verizon said it will evaluate the situation as Yahoo investigates and will review the "new development before reaching any final conclusions." Spokesman Bob Varettoni declined to answer further questions.
ksb/kl (Reuters, AFP, AP)