Yahoo has said that all of its three billion user accounts were affected in a hacking attack dating back to 2013.
The company, which was taken over by Verizon earlier this year, said an investigation had shown the breach went much further than originally thought. The stolen data did not include passwords in clear text, payment card or bank account data, it added.
Previously the internet giant had said “more than one billion” of its accounts had been hit.
Yahoo said that while its latest announcement did not represent a new “security issue” it was sending emails to all the “additional affected user accounts”.
The company added that it was “continuing to work closely with law enforcement”.
Yahoo’s takeover by the huge US telecoms firm Verizon was completed on 13 June. The deal was first announced last year when the struggling company agreed to sell its main internet business to Verizon for $4.8bn.
That figure was later cut to $4.5bn after Yahoo disclosed that it had been the victim, in 2013 and 2014, of two huge security breaches.
Verizon has combined its AOL subsidiary and Yahoo into a new business called Oath.
In Tuesday’s statement Verizon’s chief information security officer Chandra McMahon said: “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats.”
“Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”