In September, internet company Yahoo revealed that a "state-sponsored" actor breached Yahoo's servers, compromising 500 million accounts. Now, Yahoo has acknowledged another more massive breach--twice the size.
In a statement this week, Yahoo said that a recent investigation found that an "unauthorized third party" gained access to Yahoo's servers in August 2013 and stole data connected to 1 billion accounts. "The company has not been able to identify the intrusion associated with this theft," it said.
Yahoo went on to say that this incident is separate from the aforementioned hack that it disclosed in September.
The type of information stolen might have included names, email address, telephone numbers, dates of birth, passwords, and encrypted or unencrypted security questions and answers in some cases.
"The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information," Yahoo said. "Payment card data and bank account information are not stored in the system the company believes was affected."
Potentially affected users are being contacted now and will be provided with measures to secure their accounts. This includes mandatory password changes. Additionally, Yahoo has invalidated unencrypted security questions and answers as part of its response to the breach.
You can read Yahoo's full statement on the matter here.
Bloomberg reports that around 150,000 United States government and military employees were among those affected by the breach. More specifically, affected parties reportedly include current and former White House staff, congressional leaders, FBI agents, officials at the CIA, and people at every branch of the US military.
Verizon agreed to acquire Yahoo this summer in a deal worth $4.83 billion, though the buyout has not closed yet.
Have you been affected by this hack? What are your feelings regarding this hack? Let us know in the comments below!