BBC News reports Yahoo said the attack is separate from another breach in which around 500 million accounts were hacked in 2014.
The Sunnyvale, California-based company said information stolen included names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. The unknown intruder is not believed to have obtained any clear text passwords, bank account information or credit or debit card data.
In response to the attack, Yahoo is invalidating the security questions of all affected users and ordering them to changer their passwords. The company is also advising users to “review all of their online accounts” and carefully check for signs of suspicious activity. It also recommends avoiding links from suspicious or unknown emails and the utilization of two-factor authentication.
It is unclear if or how the latest attack against Yahoo will affect the company’s pending sale of its core business to Verizon Communications, a $4.8 billion deal finalized in July. Verizon had previously said it might attempt to renegotiate the terms of the deal in the wake of the revelation of the 2014 hack.
