On Wednesday, Yahoo revealed that a total of one billion user accounts were hacked starting back in 2013. Hackers obtained names, telephone numbers, dates of birth, and personal information from the hacks.
In September, Yahoo announced another hack of 500 million clients.
In the 2013 incident, Yahoo said that credit card and bank account numbers, which are stored separately, were not affected, but the breach did include some unencrypted “security questions” that the company uses to authenticate users.
Yahoo also reported a separate incident Wednesday in which hackers used what the company called “forged cookies” to gain access to some accounts, though it did not give the number. That incident, the company said, appeared to have links to the one announced in September involving “state-sponsored” attackers. Law enforcement officials said that breach, which happened in 2014, was probably the work of Russian hackers, though no final conclusion has been reached.
Users were warned to change their email passwords in 2013, but with the most recent hack it’s possible a user could have been hacked again.
“Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” the company said in a statement. “The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.”