On Tuesday, Yahoo issued a statement disclosing that upon further investigation of the 2013 breach the company believes all of its three billion accounts were impacted, not 1 billion liked previously thought. The revelation of 3 billion breached accounts means everyone who had a Yahoo account, and all the people who had registered for any Yahoo service such as Flickr or fantasy sports were affected.
The company, now a part of Oath after it was acquired by Verizon for $4.5 billion and merged with AOL, said that it discovered the new evidence while integrating the two companies.
The company explained that when the 2013 breach was discovered and disclosed in 2016, the company “took action to protect all accounts.” Those actions include notifying impacted users, requiring password changes and invalidating unencrypted security questions and answers so that they could not be used to access an account.
3 billion affected users is a significant hit to Verizon, which had received a discount of $350 million on their acquisition price for the company after initial findings of the security breach.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
Yahoo explains the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, passwords, and security questions and answers.
“The investigation indicates that the information that was stolen did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected,” said the company.
This news comes after the Equifax breach, which illustrates how some of the biggest companies can still be vulnerable to hackers.
Also, Yahoo released a set of guidelines to protect your account, which can be found here.