The company is asking users not to click on links in e-mails from them
Web provider Yahoo has said it now believes all of its users accounts were compromised in a hack back in 2013.
In a statement, the company says: "Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected.
"It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts."
The company also says it required all users who had not changed their passwords since the time of the theft to do so.
It has also invalidated unencrypted security questions and answers so they cannot be used to access an account.
The disclosure came from Oath, a subsidiary of US telecoms company Verizon, which acquired Yahoo's online assets in June for US$4.48bn (€3.80m).
The hack was disclosed by Yahoo in December last year, when it said that approximately one billion of its three billion users were affected.
Yahoo says this is not a new security issue.
It is notifying additional user accounts that were potentially affected with an e-mail in relation to this new information.
Yahoo says the e-mail does not ask users to click on any links or contain attachments, and does not request personal information.
"If an e-mail you receive about these issues prompts you to click on a link, download an attachment, or asks you for information, the e-mail was not sent by Yahoo and may be an attempt to steal your personal information.
"Avoid responding to, clicking on links in, or downloading attachments from such suspicious emails", the company says.
Chandra McMahon, chief information security officer at Verizon, said: "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."
Additional reporting: IRN