Back in September, Yahoo revealed a massive data breach that affected 500 million users. While that had happened in 2014, it now appears that that wasn't the company's largest breach, as today it confirmed that in August, 2013, there was another one that affected twice as many users, or in other words, over a billion.
Yahoo says that for potentially (which at a billion, is pretty much everyone) affected accounts, stolen data "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers." The firm says that no payment information was taken, or passwords in clear text.
The company says that it is notifying affected users and is taking steps to secure their accounts. Basically, you'll have to reset your password. Of course, if the timeline here is correct, you should be good to go if you were asked to change your password since the breach that was reported in September.
Of course, back in July, Verizon announced that it was all set to acquire Yahoo for $4.83 billion, a deal that seems to be more in question by the day. The company can still renegotiate its deal, or cancel it altogether.
In a statement, Verizon said, "We will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions."