Yahoo Inc. said it has discovered what reports call the largest cyber attack in history that compromised information from more than 1 billion user accounts in August 2013, doubling the number of accounts with data stolen in the previously disclosed 2014 breach.
Disclosure of the 2014 attack, which affected 500 million Yahoo accounts, led Verizon to reconsider its agreement to buy the firm’s core business for $4.83 billion.
Yahoo has required all of its users to reset their passwords. After the first disclosure of a breach, it recommended but did not require a password change.
Yahoo said the latest incident was probably “distinct” from the first.
Information stolen may have included names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. Yahoo said payment and bank account information were not stored in the system breached.
The double breach of Yahoo’s systems suggest it was not taking security seriously, some experts commented.
Yahoo, once an Internet mainstay, has faced numerous setbacks in recent years and the latest security breach is likely to further erode trust in the company.
Yahoo shares fell 2.4 percent in after hours trading Wednesday to $39.91.
