Yahoo CEO Marissa Mayer. Reuters/Pascal Lauener More than 1 billion Yahoo user accounts — including phone numbers, birthdates, and security questions — may have been stolen by hackers during an attack that took place in August 2013, the company revealed on Wednesday.

The announcement of what could represent the largest hack of all time is a separate incident than the one Yahoo disclosed back in September. In that hack, Yahoo said that at least 500 million user accounts were compromised.

"The company has not been able to identify the intrusion associated with this theft," Yahoo said on Wednesday about the new incident.

News of the breach sent Yahoo shares sliding about 2.5% in after-hours trading on Wednesday.

The revelation of the hack could have implications for the $4.8 billion sale of Yahoo to Verizon, which has yet to close. Yahoo disclosed the previous hack to Verizon only after agreeing to the deal, and Verizon has since said that it considers the hack a material event that could affect the terms and price of the acquisition.

"As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation," Verizon told CNBC on Wednesday, regarding the latest hack.

Forged cookies

With a billion accounts at risk, that would make this the biggest breach of ever — bigger than the Myspace breach of 360 million user accounts and 427 million passwords.

Yahoo said that payment-card data and bank-account information were not stored on the system the company "believes" was affected. But the hackers may have collected a trove of other valuable personal information, such as user names, email addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers.

Yahoo said that it now believes an "unauthorized third party accessed the company's proprietary code to learn how to forge cookies." It was not clear which incident the forged cookies related to. But Yahoo said that "the company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016."

Here's the entire message from Yahoo: