In September, we learned that at least 500 million Yahoo accounts may have been compromised. Now, Yahoo officials say it may have happened to another billion accounts.
According to the New York Times, these two attacks appear to be separate. The previous one happened when user account info was stolen in 2014. The one we are just learning about happened in 2013.
Yahoo! Inc. released a statement Wednesday explaining what information was potentially stolen. The stolen data include names, email addresses, phone numbers, birthdates, hashed passwords, and even encrypted or unencrypted security questions and answers.
Following an investigation, Yahoo says it doesn't look like credit card or bank account information is at risk since that's not stored in the system the company believes was affected.
Yahoo says it's notifying users who may be affected. The company has already taken steps to secure accounts, like making users change their passwords. Yahoo has also made it so security questions and answers can no longer be used to access accounts.
Yahoo recommends people keep an eye on all of their online accounts, and watch out for suspicious activity. If any other passwords you use are the same or similar to your Yahoo password, change those as well.
How were they hacked?
Yahoo previously said they believe a “state-sponsored actor” (someone acting on behalf of a government) was behind the previous data breach, and stole pretty much the same information.
The company has not been able to figure out how the billion-user breach happened, though.