Hackers stole data associated with more than one billion Yahoo accounts in August of 2013, the company disclosed on Wednesday. This data breach is different from one that the company announced in September, when it said a "state-sponsored actor" stole information associated with 500 million accounts.
The data taken in the 2013 attack "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords ... and, in some cases, encrypted or unencrypted security questions and answers," the company said.
It added that hackers did not obtain "passwords in clear text, payment card data, or bank account information."
Yahoo apparently learned of the 2013 data breach last month, after law enforcement authorities provided the company with files. "We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data," the company stated. "Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. Yahoo has not been able to identify the intrusion associated with this theft."
Yahoo also said it is notifying users who may have been affected and is requiring them to change their passwords.