Technology major Yahoo on Wednesday announced that the email accounts of 1 billion of its users had been hacked in August 2013. This, the company said, was in addition to the 500 million accounts that were breached in 2014. The company’s Chief Information Security Officer Bob Lord said they have “taken steps to secure those user accounts and [are] working closely with law enforcement”.

However, Lord said Yahoo “has not not been able to identify the intrusion associated with this theft.” The user information that hackers were able to access included names, email addresses, telephone numbers, dates of birth, some passwords and even some security questions and answers, Lord wrote. However, no card details or bank account information was stolen, he added.

Yahoo is now notifying its users, asking them to change their passwords and invalidating security questions through which hackers might be able to access the accounts. “We continuously enhance our safeguards and systems that detect and prevent unauthoris ed access to user accounts,” Lord wrote in the statement.

On September 23, Yahoo had confirmed that account information of an estimated 500 million users was stolen from the company’s network in late 2014. The company had said at the time that the data breach was carried out by a “state-sponsored actor”, but its investigation had found that no such agent was on its network.