Yahoo has confirmed that over 1 billion user accounts have been compromised, with the breach dating back to August 2013.
The stolen user data includes names, email addresses, phone numbers, dates of birth, hashed passwords, and even unencrypted security questions. Thankfully, financial information such as bank account and credit card data is held in a different server, with Yahoo saying that server was not affected - hopefully.
The company is now in the process of notifying all affected users, asking them to change their passwords - but as for the unencrypted security questions, Yahoo has invalidated them. It was only back in September that we reported over 500 million Yahoo account details were leaked in a breach in 2014, with forensic experts stating that the two hacks aren't related.
However, Yahoo knew about the hacks in 2014 - and didn't say anything. The bigger question is the $4.8 billion acquisition of Yahoo by Verizon, but I'm sure with this recent data breach of 1 billion user accounts, Yahoo will have to drop that price considerably. Also, if I were Verizon, I'd rename Yahoo to FFS.