The organization said the data stolen may incorporate names, email addresses, telephone numbers, birthdates and security inquiries and answers, yet included ledger data and installment card information were not influenced.
In an announcement, Yahoo said: "Hurray trusts an unapproved outsider, in August 2013, stole information connected with more than one billion client accounts. Hurray trusts this episode is likely particular from the occurrence the organization uncovered on September 22, 2016.
"As Yahoo already uncovered in November, law implementation gave the organization information documents that an outsider asserted was Yahoo client information. The organization broke down this information with the help of outside criminological specialists and found that it has all the earmarks of being Yahoo client information.
"In view of further investigation of this information by the measurable specialists, Yahoo trusts an unapproved outsider, in August 2013, stole information connected with more than one billion client accounts."
The organization included that its examination has persuaded a similar state-supported programmers were included in this recently uncovered assault.
In the announcement, Yahoo exhorted all clients to survey their online records for suspicious action and to change their passwords.
"Yippee urges clients to audit the greater part of their online records for suspicious movement and to change their passwords and security inquiries and answers for whatever other records on which they utilize the same or comparative data utilized for their Yahoo account," the announcement included.
The new hack disclosure could be a noteworthy hit to the battling web monster, which is offering its center working resources for Verizon for $4.8bn (£3.8).
The rupture unveiled in September, which influenced 500 million, as of now the greatest of its kind, had represented a risk of wrecking the arrangement with Verizon or bringing about a lessening in the cost.
In an announcement, Verizon said that it would assess the circumstance as Yahoo explores and would survey the "new advancement before achieving any last conclusions".
In November, Yahoo revealed that as a component of its examination, it had gotten information documents from law authorization "that an outsider asserted was Yahoo client information".
Utilizing outside measurable specialists, Yahoo affirmed this was client information yet included that it had "not possessed the capacity to recognize the interruption connected with this burglary".
The stolen client account data in the latest hack may have included names, email addresses, phone numbers, dates of birth, "hashed" passwords and, now and again, scrambled or decoded security inquiries and answers.
The programmers did not get passwords in clear content, installment card information or financial balance data.