“We have not been able to identify the intrusion associated with this theft. We believe this incident is likTely distinct from the incident we disclosed on September 22, 2016,” the company said. The stolen information did not include passwords in clear text, payment card data, or bank account information.It’s believed that an unauthorized third party accessed the proprietary code to learn how to forge cookies. “We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.” Yahoo is forcing now all of the affected users to change their passwords and invalidating unencrypted security questions as a requested action to security. They also hardened their systems to secure them against similar attacks. On the Yahoo Safety Center Page are presented recommendations on how to stay secure online.