Yahoo hack may have affected 'one billion users'
Web giant says phone numbers, names, passwords and email addresses stolen in 2013 attack
Yahoo has revealed that "more than one billion user accounts" may have been hit in a hacking attack dating back to August 2013.
Bob Lord, the email provider's chief information security officer said: "The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers."
He added that the company was in the process of notifying the users whose accounts may have been affected by the attack and will require them to change their passwords.
Yahoo also says it is working closely with authorities in an investigation on the attack, which it claims may have been "state-sponsored", although analysts are sceptical of this theory, says Sky News.
The company has come under fire in recent weeks for its handling of data breaches – in September, it revealed a 2014 hack that compromised the security of around 500 million accounts. The 2013 attack is thought to be the largest ever data breach at an email provider.
"Yahoo employees reportedly knew of the intrusion that led to the theft of data from 500 million users as early as 2014, but the company did not announce the breach until this September," says TechCrunch.
"What Yahoo executives knew about the breach, and when they knew it, have been crucial questions in Verizon's ongoing acquisition of Yahoo. Yahoo did not disclose the first breach until several months after the deal was announced."