NEW YORK – Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013.
The Sunnyvale, California, company says it’s a different breach from the one it disclosed in September, when it said 500 million accounts were exposed. That new hack revelation raises questions about whether Verizon will try to change the terms of its $4.8 billion proposed acquisition of Yahoo.
Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.
In a statement posted online, Yahoo says the stolen user account information “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.”
Yahoo says the stolen information does not include “passwords in clear text, payment card data, or bank account information.”
Yahoo says it is notifying potentially affected users and has already taken steps to secure their accounts. Those steps include requiring users to change their passwords. The search engine giant also provided the following tips:
- Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;
- Review all of your accounts for suspicious activity;
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
- Avoid clicking on links or downloading attachments from suspicious emails; and
- Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
Yahoo says it has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016. That data breach affected 500 million accounts.