In September, Yahoo admitted that 500 million of its accounts had been hacked in 2014, but now, a new revelation on Wednesday has shown an even bigger hacking problem, with 1 billion accounts being compromised in 2013.

The security problems plaguing Yahoo have apparently been going on for some time, as in 2012, 450,000 accounts were breached and spam attacks launched.

However, the company failed to take measures to step up its security, citing customer inconvenience as well as the cost of making such changes. Then, in 2013, 1 billion accounts were breached before the 2014 hacking attack.

–U.S. officials: Putin personally involved in election hacking–

Because of the revelation of the 2013 account, which was not even known until the company began analyzing data files from law enforcement, Yahoo will be forcing the affected users to change their passwords and will also be invalidating unencrypted security questions, steps that the company did not take in September.

“What’s most troubling is that this occurred so long ago, in August 2013, and no one saw any indication of a breach occurring until law enforcement came forward,” said Jay Kaplan, the chief executive of Synack, a security company. “Yahoo has a long way to go to catch up to these threats.”

The 2013 and 2014 attacks are the largest known security breaches of a single company’s network.