Yahoo on Wednesday disclosed a data breach from 2013 in which hackers may have stolen information from 1 billion user accounts.
It’s the second massive hack the company has revealed this year and is likely to increase scrutiny of Yahoo’s security practices. The earlier hack affected 500 million accounts, a record-breaking amount at the time.
“Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016,” the company said in its statement.
{mosads}
Similar to the earlier hack, the stolen info includes names, email addresses, telephone numbers, dates of birth, scrambled passwords and, in some cases, encrypted or unencrypted security questions and answers.
The Sunnyvale, Calif.-based company said it is notifying potentially affected users and has already taken measures to protect their accounts.
It’s unclear if the new breach will affect Verizon’s pending acquisition of Yahoo. After the last breach, company officials said the hack would have a “material impact” on the deal.
Yahoo also announced a new detail in its Wednesday release about an ongoing investigation it was conducting with the help of third-party experts. The investigation’s findings so far have led the company to believe that “an unauthorized third-party accessed the company’s proprietary code to learn how to forge cookies,” which allow hackers to access accounts without user passwords.
The company’s privacy practices have come under fire of late. Reports from Reuters and The New York Times claimed that at the behest of U.S. intelligence, Yahoo created a tool to scan all of its users emails, searching for particular phrases and topics specified by the government.
Yahoo has called those reports “misleading.”
Updated 6:50 p.m.