The largest hack in history just got three times worse. In December 2016, Yahoo disclosed that more than one billion accounts had likely been affected by the cyber attack that took place in 2013, making it the largest data breach ever. Today, the company has disclosed that the number was actually 3 billion, means all of Yahoo’s accounts at the time.
On Tuesday, in its disclosure, Yahoo revealed that every single one of its 3 billion accounts got hacked in a 2013 breach.
The new information stems from an investigation that followed Yahoo’s acquisition by Verizon in June. “Following an investigation with the assistance of outside forensic experts, we believe that all Yahoo user accounts were affected by the August 2013 theft,” Suzanne Philion, a spokeswoman for the Verizon unit Oath, said in a statement on Tuesday. Yahoo is now part of a Verizon subsidiary named Oath.
At the time when Yahoo first disclosed the breach, it sent a notification to all its users, telling them that it had taken action to protect all accounts, requiring password changes and blocking access from accounts with unencrypted security questions.
Yahoo says that the information stolen in the massive breach did not include passwords or bank information and that they are still working with law enforcement to determine who was behind the attack. The stolen information included names, email addresses, phone numbers, birthdates, security questions, and answers.
Yahoo admitted that 500 million accounts were stolen in 2014, then the number grew to a further 1 billion stolen in 2013. After that, it learned that a further 32 million accounts were compromised from 2015 to 2016 in a forged cookie attack.
The news today comes four months after Yahoo was acquired by Verizon Communications (under a new division named Oath) for $4.48 billion — down $350 million from the initial offer due to the severity of the hacks. Verizon spokesman David Samberg said the company has no regrets about buying Yahoo, despite the latest revelation.