The hack occurred in August 2013, but the company just revealed the news this week—and it doesn’t exactly know how it happened. The recent news adds to Yahoo’s announcement in September that data from 500 million users was compromised.
Yahoo’s chief information security officer, Bob Lord, wrote in a blog post:
We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.
Lord said the stolen information could include “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
The breach could have a devastating impact on Yahoo’s already struggling image.