Yahoo has issued a new warning to some users on Wednesday (February 15) about potentially malicious activity on their accounts between 2015 and 2016 where hackers used forged cookies to access users’ accounts without a password.


The latest notifications were issued in response to a data breach disclosed in December 2016 that occurred in August 2013 which compromised over one billion accounts — the largest known data hack in history.

In September, the company disclosed a separate breach that occurred in late 2014 that affected at least 500 million user accounts, blaming “state-sponsored actors” for the attack.

The company said some of the 2015 and 2016 incidents have been tied to the same state-sponsored actor, but did not name the state.