The company will notify users who may be affected and has begun requiring users to change their passwords.
The security incident, likely one of the largest cybersecurity breaches ever, comes less than three months after Yahoo admitted data from at least 500 million accounts had been stolen.
"We believe this incident is likely distinct from the incident we disclosed on September 22, 2016," Bob Lord, Yahoo's chief information security officer, wrote in a blog post.
The second cybersecurity breach raises more concerns about whether Yahoo took enough precautions. As one former employee told CNNMoney after the first breach was disclosed, "Security was pushed to the back end" behind "other priorities."
The original breach was initially viewed as a threat to Verizon's (VZ, Tech30) $4.8 billion deal to buy Yahoo, given the potential impact on Yahoo's brand and user retention. Verizon learned about the breach after agreeing to the acquisition and later said it could have a meaningful financial impact on the deal.
AOL CEO Tim Armstrong said earlier this month he was "cautiously optimistic" the deal would go through -- but the second massive breach could change that.
"As we've said all along, we will continue to evaluate the situation as Yahoo continues its investigation," Verizon said in a statement Wednesday. "We will review the impact of this new development before reaching any final conclusions."
Yahoo's stock fell 2.5% in after hours trading Wednesday following the disclosure.
Please Follow Us on As many As possible to ensure we cannot be censored or shut down.
(LIKE, SHARE, COMMENT, SUPPORT US & FOLLOW)