Nearly 1 billion users had their accounts hacked by an unauthorized third party in August 2013, Yahoo announced on Wednesday.
Yahoo said that this was a separate incident from one previously reported in September.
Yahoo said accounts potentially had user account information stolen. That information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Yahoo said it does not believe that the stolen information included passwords in clear text, payment card data, or bank account information.
"Payment card data and bank account information are not stored in the system the company believes was affected," Yahoo said in a statement.
Yahoo said that it encourages users to review and update account information. The company has invalidated unencrypted security questions and answers so that they cannot be used to access an account, it said.
"Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account," the company said. "The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information."