Yahoo has announced that the massive data breach in August 2013 has affected every single user of its service – all three billion user accounts.
In a filing on Tuesday to the SEC, Yahoo has admitted the total number of user accounts accessed illegally by hackers in 2013 was the initial 500 million originally reported, nor the one billion it admitted to later, but every single Yahoo account – all three billion of them.
Yahoo, now acquired by Verizon, says it obtained “new intelligence” following a forensic investigation by cybersecurity experts to determine that its entire service was compromised.
An announcement by Yahoo, now a part of Oath (a Verizon division) read:
Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.
Further, Yahoo also claimed that the stolen account information did not include passwords in clear text, nor payment card data or bank account information. Once again, Yahoo is emailing affected users to notify them of the breach.
Yahoo first revealed a data breach where hackers stole information associated with “at least 500 million user accounts” in September 2016. By December, Yahoo said it “believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts.”
The breach cost Yahoo in its original $4.8 billion sale to Verizon. “Under the amended terms, Verizon and Yahoo have agreed to reduce the price Verizon will pay to acquire Yahoo’s operating business by $350 million,” a joint statement from Verizon and Yahoo read in February 2017. In March, the US Justice Department directly accused four Russian spies of instigating and carrying out the Yahoo hack.
Image credit: Flickr.