1 Billion Yahoo Users Exposed In Second Record-Breaking Hack

Just a couple months ago, Yahoo revealed that a hack had compromised half a billion of its users’ accounts. Apparently going halfway wasn’t good enough. They’ve just announced a separate hack that’s twice as big.

Yes, a separate hack. That the same company could be attacked twice on a scale so huge is truly mind-boggling, yet that’s exactly what Yahoo has just revealed.

This new attack took place — wait for it — in 2013. So not only did it impact twice as many Yahoo accounts, the company also didn’t tell us about it for nearly twice as long.

As for who’s behind the attack, Yahoo believes it’s the work of state-sponsored hackers. They also believe that there’s some kind of connection to the 2014 hack, which the company has also pinned on a nation state. There may also be a link to stolen Yahoo code that reportedly allowed bad actors to forge cookies and access users’ accounts without even knowing their passwords.

Here’s the “good” news about Yahoo’s second record-breaking hack: payment information and plain-text passwords were not obtained by those responsible. If you’re looking for a silver lining, that’s all you’re going to get.

Here’s the rest of the bad news. The data that was stolen on those 1 billion accounts included names, email addresses, phone numbers, dates of birth, and, in some cases, plain-text password recovery questions and answers.

Oh, about those passwords. While they weren’t stored in plain text, they were hashed using MD5, which is something that security experts have been warning against doing since at least as far back as 2012. While it would still take a considerable amount of computing power to crack them, it’s definitely doable with today’s hardware.

Yahoo has blanked out any reset questions that were stored in the clear and they’re in the process of notifying all 1 billion affected users. That’ll take quite a while.

We’re talking about roughly a third of the entire population of the Internet, after all.
