YAHOO has admitted that hackers breached its system to steal data from one billion user accounts in a massive cyber attack that was unreported for more than three years.
In the past few months, Yahoo has owned up to being hit by the two biggest data breaches in history.
In September, it announced it had been hit by what was then declared the world's biggest hack - now it has revealed a new attack that involves twice as many people and sets a new record.
The news could not have come at a worst time for Yahoo, which is in the middle of securing a huge buyout deal.
Yahoo today has reported a experts analysing Yahoo's records in the lead up to the buyout by Verizon had identified the mammoth attack which occurred in August 2013.
The hack reported today is separate to another hack reported in September which targeted 500 million Yahoo in 2014.
Yahoo blamed the 2014 attack on "state-sponsored" hackers.
Yahoo said today in the hack of 1 billion customers in 2013 information stolen by the hackers included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and unencrypted security questions and answers which could be used to access people's accounts.
Yahoo said the data did not include unencrypted passwords nor did it include credit card details which were kept on a different system.
Yahoo said today it was notifying the 1 billion account holders affected in the security hack.
Yahoo also warned today that forensic experts investigating the 2014 hack had discovered a way that hackers has forged cookies that allow them to access a person's account without a password.
"The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016," Yahoo said in the statement.
The news of the latest hack casts doubt on the US$4.8 billion Verizon buyout of Yahoo.
Verizon told CNBC today that "we will review the impact of this new development before reaching any final conclusions".
Yahoo has recommended its users change their passwords and security questions and answer prompts for any accounts which they have used the same information as their Yahoo account.
It also urged its users not to click on links or download attachments from suspicious emails and be suspicious of unsolicited emails and phone calls asking for personal information.