Internet giant Yahoo revealed Wednesday that more than 1 billion user accounts were compromised in August 2013.
The massive breach, separate from the hack of 500 million accounts announced last September, may include everything from names, email addresses and telephone numbers to birthdays and MD5 hashed passwords.
“Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts,” Yahoo’s chief information security officer Bob Lord wrote. “The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.”
The company says it’s in the process of notifying potentially affected users while taking steps to secure accounts through required password changes.
“Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” Lord wrote. “The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.”
The newly announced breach will undoubtedly fuel further distrust in the company, which has been plagued by bad publicity over its security practices.
Last October it was also reported that Yahoo secretly built a custom software program on behalf of US intelligence to search every incoming email.