Yahoo! Inc. disclosed a second major security breach that may have affected more than 1 billion users, giving an update on its probe into hacks on its system before the sale of its main web businesses to Verizon Communications Inc.

The company said in a statement that it hasn’t been able to identify the “intrusion” associated with this theft by a third party in August 2013.

“Yahoo believes this incident is likely distinct from the incident the company disclosed” in September, according to the statement. The shares dropped as much as 2.6 percent in extended trading after the announcement.

At that time, Yahoo said the personal information of at least 500 million users was stolen in an attack on its accounts in 2014, exposing a wide swath of its users ahead of the Verizon deal. The attacker was a “state-sponsored actor,” and stolen information may have included names, email addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, unencrypted security questions and answers, Yahoo has said.

In the 2013 hack disclosed Wednesday, Yahoo said compromised user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

In November, Yahoo gave an update to investors on its internal review of the hack, saying an independent board committee is investigating how many employees at Yahoo knew about the breach.

Chief Executive Officer Marissa Mayer has tried to navigate questions about the security of the web portal’s products while preparing for Verizon to acquire the core internet operations. Yahoo said last month the $4.8 billion deal is still expected to close in the first quarter of next year.