Yahoo has followed September's disclosure of a hack that potentially impacted 500 million users with the admission of a separate attack involving a hella troubling amount of people. The tech company announced Wednesday that another attack in 2013 compromised "more than 1 billion Yahoo accounts," the New York Times reported.
Sensitive user information, including unencrypted security questions, are believed to have been intercepted. All affected users are being forced to update their passwords. The security questions, as of Wednesday, have been invalidated. In a press release, Yahoo went into more detail regarding the breach:
"For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected."
Those responsible for the attack have not been identified.
In a previous statement confirming the 2014 hack, a Yahoo spokesperson also advised users to pay close attention when clicking all over an email from a weird-ass address. "The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information," a spokesperson recommended. For more security recs straight from the hacked horse's mouth, peep right here.