Consumers were aghast when Yahoo (NASDAQ:YHOO) disclosed last September that 500 million accounts have been hacked. Many questioned their security and asked how the company could let this happen. It is now confirmed that the data breach was even more serious as Yahoo revealed on Wednesday that actually 1 billion accounts have been compromised, as there was a second breach, separate from the September incident.

Hackers Steal Critical Information From Yahoo

Hackers have stolen a lot of data from Yahoo, including the names, email addresses, telephone numbers, addresses, security questions, and more. What is most worrying about the incident is that Yahoo has so far not been able to find out how the breach happened, just blaming the incident on a “state-sponsored actor”.

However, till now, this supposedly state-sponsored actor has not been named yet.

Bob Lord, who is the Chief Information Security Officer, said Yahoo has not been able to identify who stole the data, and how this was done. But some forensic experts are claiming that this was probably done with “forged cookies”. Hackers used forged versions of the cookies to access the accounts. Passwords were not needed.

Yahoo Assures All Users, Asks Them to Change Passwords

The company, however, assures users that not all information was stolen. “The investigation indicates that the stolen information did not include passwords in clear text, payment card data or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected”.

They are presently contacting those whose accounts are likely to be hacked and asking them to review their accounts if there is suspicious activity. Yahoo (NASDAQ:YHOO) has also asked everyone to change their passwords immediately. They are also invalidating all passwords and security questions for all affected accounts.

Yahoo also says they are working with law enforcement authorities to find out how the breach happened, and prevent such an incident again in the future.

This latest revelation of data breach may affect the Yahoo-Verizon deal even more, according to some observers. In fact, Verizon (NYSE:VZ) issued a statement after the September breach was announced, saying that they might renegotiate the terms after reviewing the impact of this hacking incident. Yahoo said last month they expect the $4.8 billion Verizon deal to go through early next year.

The Yahoo stock was down 2.4 percent in after-hours trading after the announcement.