Yahoo! Inc. has identified data security issues concerning certain Yahoo user accounts through an investigation, and has found evidence of another data breach.
The investigation, which took place after law enforcement gave Yahoo data files provided by a third party, involved analysis of those files. The analysis revealed that an unauthorized party stole data associated with more than 1 billion user accounts in August 2013.
While Yahoo could not identify the intrusion associated with the theft, it believes this incident is different from the one it revealed in September. In that previously disclosed incident, data linked with at least 500 million user accounts was stolen from Yahoo's network in late 2014 by what the company deemed a "state-sponsored actor."
The 2013 theft may have included names, email addresses, telephone numbers, birthdates, passwords hashed using MD5 and, in some cases, encrypted or unencrypted security questions and answers. The theft did not include passwords in clear text, payment card data or bank account information, the company said Dec. 14.
Yahoo is currently notifying potentially affected users and has also worked on securing their accounts, including requiring users to change their passwords. Further, the company invalidated unencrypted security questions and answers so that they cannot be used to access accounts.
The investigation also revealed that an unauthorized third party accessed the company's proprietary code to learn how to forge cookies. The forensic experts identified users' accounts for which they believe the forged cookies were taken or used. The company is notifying the affected users and has invalidated the forged cookies.
Yahoo said it was also able to connect some of this activity to the same state-sponsored actor believed to be involved in the 2014 data theft.