Yahoo on Wednesday said it has taken steps to invalidate forged cookies related to user accounts in the state-sponsored attack.
In a statement posted on its website, Yahoo says an unauthorized third party stole the data.
Almost 1 billion users had their accounts hacked by an unauthorized third party in August 2013, Yahoo announced on Wednesday.
The company said it has not been able to identify the intrusion associated with the theft. The hackers also accessed the company's proprietary code to learn how to forge cookies that could allow an intruder to access users' accounts without a password.
The breach is separate and distinct from an announcement in September that 500 million accounts had been penetrated by a "state-sponsored actor".
Waiter Matt Terry lifts X Factor crown
Runner-up Aalto thanked everyone for their support and told O'Leary: "This has been an fantastic journey". The X Factor 2016 final is TONIGHT as the victor revealed - here's all you need to know.
The new hack revelation raises fresh questions about Verizon's $4.8 billion proposed acquisition of Yahoo, and whether the big mobile carrier will seek to modify or abandon its bid.
In the mid-1990s, Yahoo was among the most popular destinations on the internet, helping many people navigate the emerging web.
Yahoo now says that they believe information connected to over a billion user accounts was breached by hackers in 2013. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. No plaintext passwords were leaked, nor were payment card data or bank account information.
It said user account information stolen in the breach may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, unencrypted security questions and answers.