Over 1 billion Yahoo users likely affected by 3-year-old data breach

Click to play video: 'Yahoo data breach of 1 billion users largest in history' Yahoo data breach of 1 billion users largest in history
WATCH: Yahoo is telling users to change their passwords and warns the company will never send an email asking for your personal information. The warnings come after Yahoo announced a massive cyberattack involving 1-Billion user accounts. Hena Daniels reports – Dec 15, 2016

NEW YORK – Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013, in what is thought to be the largest data breach at an email provider.

The Sunnyvale, California, company was also home to what’s now most likely the second largest hack in history, one that exposed 500 million Yahoo accounts . The company disclosed that breach in September. Yahoo said it hasn’t identified the intrusion associated with this theft.

READ MORE: Yahoo waited 18 months to investigate massive security breach (Sept. 2016) 

Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

But the company said hackers may have also stolen passwords from the affected accounts. Technically, those passwords should be secure; Yahoo said they were scrambled twice – once by encryption and once by another technique called hashing. But hackers have become adept at cracking secured passwords by assembling huge dictionaries of similarly scrambled phrases and matching them against stolen password databases.

Story continues below advertisement

WATCH: Professor Peter Sommer, a cyber security expert, told the Associated Press he’s not inclined to believe the hack was state-sponsored. 

Click to play video: 'Cyber security expert comments on massive hack at Yahoo' Cyber security expert comments on massive hack at Yahoo
Cyber security expert comments on massive hack at Yahoo – Dec 15, 2016

That could mean trouble for any users who reused their Yahoo password for other online accounts.

READ MORE: Here’s what you need to know about the September Yahoo hack

Questions for Verizon

The new hack revelation raises fresh questions about Verizon’s $4.8 billion proposed acquisition of Yahoo, and whether the big mobile carrier will seek to modify or abandon its bid. If the hacks cause a user backlash against Yahoo, the company’s services wouldn’t be as valuable to Verizon. The telecom giant wants Yahoo and its many users to help it build a digital ad business.

In a statement, Verizon said that it will evaluate the situation as Yahoo investigates and will review the “new development before reaching any final conclusions.” Spokesman Bob Varettoni declined to answer further questions.

Story continues below advertisement

Yahoo said Wednesday that it is requiring users to change their passwords and invalidating security questions so they can’t be used to hack into accounts.

Sponsored content