Yahoo has confirmed that more than one billion user accounts were hacked in 2013. Yes, you read it right, more than one million, and 2013 hack is separate from 2014 hack in which nearly 500 million accounts were breached.
The company said that there was no breach of bank account details or any payment data, some personal data has been breached like names, phone numbers, passwords and email addresses.
Yahoo which was taken over by Verizon said it was working closely with the police and authorities.
In a statement the company said, "believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts."
The breach "is likely distinct from the incident the company disclosed on September 22, 2016".
Account users were advised to change their passwords and security questions.
The BBC interviewed Cybersecurity expert Troy Hunt, "This would be far and away the largest data breach we've ever seen. In fact, the 500 million they reported a few months ago would have been, and to see that number now double is unprecedented.
"Yahoo hasn't attributed the attack to any state-sponsored activity as they did with the previous incident. They've referred to the tampering of cookies, though, which gives us some useful insight into where the vulnerability may have existed in their system."
The company said that there was no breach of bank account details or any payment data, some personal data has been breached like names, phone numbers, passwords and email addresses.
Yahoo which was taken over by Verizon said it was working closely with the police and authorities.
In a statement the company said, "believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts."
The breach "is likely distinct from the incident the company disclosed on September 22, 2016".
Account users were advised to change their passwords and security questions.
The BBC interviewed Cybersecurity expert Troy Hunt, "This would be far and away the largest data breach we've ever seen. In fact, the 500 million they reported a few months ago would have been, and to see that number now double is unprecedented.
"Yahoo hasn't attributed the attack to any state-sponsored activity as they did with the previous incident. They've referred to the tampering of cookies, though, which gives us some useful insight into where the vulnerability may have existed in their system."