After revealing the smaller breach of 500 million in September, six USA senators sent the tech company a letter demanding exactly when the company had learned of the intrusion, finding it "unacceptable that millions of Americans' data may have been compromised for two years".
Stolen user information from the accounts affected could include names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5), and encrypted or unencrypted security questions and answers.
"We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data", Lord said. Based on the ongoing investigation, the company believes an unauthorized third party accessed the company's proprietary code to learn how to forge cookies. The investigation so far suggests hackers did not obtain credit card or bank account information.
In that November SEC statement the company hinted that this news was coming: "Separately, on November 7, 2016, law enforcement authorities began sharing certain data that they indicated was provided by a hacker who claimed the information was Yahoo user account data". "The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information".
Given that the breach occurred three years ago, resetting users' passwords might be too little too late, according to security experts. Yahoo says it is in the process of notifying users impacted by this breach, and will require all of them to change their passwords.
Shares of Yahoo fell by nearly 5 percent on the news, while Verizon shares started to rise.
'It's 90 per cent certain'- Oscar confirms Shanghai SIPG move
Former England boss Sven-Goran Eriksson was sacked as Shanghai SIPG coach last month, with Villas-Boas taking over. Brazilian star Oscar will move to Shanghai SIPG after Chelsea FC manager Antonio Conte accepted a £52m bid.
Hours before it announced the breach on Wednesday, executives with Google, Facebook and other large USA technology companies met with President-elect Donald Trump in NY. That breach occurred in 2014 and went undetected by the tech firm for almost two years. Looking at the statistics, experts in this field believe that this is one of the biggest data breach incidents that has ever taken place.
"This is a massive issue", said Jo Webber, chief executive of security firm Spirion. Yahoo says that it believes this situation is connected at least in part to the allegedly state-sponsored hackers that committed the 2014 breach it disclosed in September.
The news caused a late dip in Yahoo's stock price, sending it down as much as 2.7 percent in after-hours trading.
Though the data has been breached for years, it's very possible Yahoo account holders may find themselves the victims of a ransomware style attack that locks them out of their own accounts - if it hasn't happened already, Senf says.
Following the latest disclosure, Verizon said, "we will review the impact of this new development before reaching any final conclusions".
If any of the user accounts were in Europe, the company could be subject to tough European penalties, too, Webber said. Given the size of the two hacks, many Yahoo users are likely to have had their information stolen a few times. At that point it was considered the largest hack in history.