For the second time in just four months, Yahoo has announced a massive cyberattack. The first attack, which occurred in 2014, set a record with the breach of 500 million user accounts. But the company now believes that twice as many accounts were compromised in a second data breach.
An internal investigation at the search engine company revealed a 2013 attack in which cyber criminals stole approximately 1 billion end user names, email addresses, telephone numbers, and dates of birth. Also stolen were hashed passwords as well as security questions and answers, some of which may have not been encrypted.
Yahoo did not explain why only some account recovery questions and answers were encrypted, but said it does not believe any financial data was stolen in the newly discovered earlier breach.
The news complicates Yahoo ongoing negotiations with Verizon for the $4.8 billion acquisition of Yahoo and could jeopardize the deal if Yahoo’s valuation decreases substantially.