Just when you think Yahoo’s security issues can’t get any worse, the company proves you wrong.
Yahoo disclosed a new security breach on Wednesday that may have affected more than one billion accounts. The breach dates back to 2013 and is thought to be separate from a massive cybersecurity incident announced in September.
Yahoo now believes an “unauthorized third party” stole user data from more than one billion accounts in August 2013. That data may have included names, email addresses and passwords, but not financial information.
The company will notify users who may be affected and has begun requiring users to change their passwords.
The security incident, likely one of the largest cybersecurity breaches ever, comes less than three months after Yahoo admitted data from at least 500 million accounts had been stolen.
That earlier breach, which Yahoo has attributed to a “state-sponsored actor,” is “likely distinct” from the newly disclosed breach, according to the company.
The original breach was initially viewed as a threat to Verizon’s $4.8 billion deal to buy Yahoo. More recently, AOL CEO Tim Armstrong said he was “cautiously optimistic” the deal would go through — but the second massive breach could change that.
“As we’ve said all along, we will continue to evaluate the situation as Yahoo continues its investigation,” Verizon said in a statement. “We will review the impact of this new development before reaching any final conclusions.”