Embattled Internet 1.0 company Yahoo announced in a Wednesday statement that more than 1 billion user accounts were hacked in August 2013, double the amount the company said were compromised in a separate hack in September.
“Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts,” the company said in a statement. “The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.”
Yahoo said compromised information could include names, email addresses, telephone numbers, dates of birth, hashed passwords and in certain cases, encrypted or unencrypted security questions and answers. The company said its investigation shows that passwords in clear text, payment card data, and bank account information was not affected — which should provide a very small amount of relief to affected users.
Yahoo, which once rejected a $45 billion takeover offer from Microsoft, agreed to sell its core business to Verizon for $4.8 billion in July — before the company revealed the first hack. That deal going through — especially at that price — now seems less likely. Verizon called the first hack a “material” concern that could impact the deal, but has not yet commented on the latest revelation.
Yahoo’s stock is down more than 2 percent in after-hours trading.