Yahoo security threat news: Data stolen from 'more than one billion' user accounts
This week, Yahoo revealed another massive security breach that compromised more than one billion user accounts.
This is almost double the number of accounts affected by the security breach the company reported last September, in which 500 million accounts were exposed in a state-sponsored attack.
In a statement released last Wednesday, Yahoo informed the public: "Law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. ... Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts."
The company also revealed that the compromised accounts may have exposed vital user information, such as birthdates, security questions, hashed passwords, email addresses, names, and telephone numbers.
Hashed passwords are computer-generated, random-looking codes derived from the actual passwords. Yahoo clarified that the passwords taken this time were hashed with MD5. Yahoo also informed its one billion affected users that passwords in clear text and information related to bank accounts and payment cards were not compromised.
The information technology company said that it is already notifying affected users of the potential threat to their accounts and requiring them to change their passwords. The company has also invalidated "unencrypted security questions" and scrapped their corresponding answers so they cannot be used without the real user's consent.
Unfortunately, Yahoo admits that it has not yet identified those responsible for this massive attack on its one billion users. However, the company and its forensic experts believe that the attackers used "forged cookies" to accomplish the breach.
"Unauthorized third party accessed the company's proprietary code to learn how to forge cookies," Yahoo explained. The company promised the public that it has already invalidated these forged cookies.
Yahoo also admitted, "The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016."
In the end, Yahoo encourages all users to change their passwords and the answers to their security questions. They should also review their email activity and watch for anything suspicious. Users are advised to refrain from clicking suspicious links in emails from unknown senders.