San Francisco: After revealing last year that a data breach in 2013 affected its one billion user accounts, Yahoo has now announced that all of its users — nearly 3 billion at that time — were impacted by the massive hacking.
Yahoo, now part of Oath — a subsidiary of American telecommunications conglomerate Verizon — said late on Monday that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2016.
At that time, Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected.
“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Yahoo said in a statement.
Yahoo is now sending email notifications to the additional affected user accounts.
“The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement,” the statement further said.
According to Jason Hart, Vice President and Chief Technology Officer for data protection at Gemalto, the Yahoo breach would be the largest data breach of all time.
“While it is ‘news’ that Yahoo is making another announcement about its 2013 breach, it should be more concerning that it’s taken almost four years to get to the bottom of a breach of this magnitude,” Hart said in a statement.
“If Yahoo, one of the largest tech companies in the world, struggled with security, how can other companies combat these bad actors?” he added.
Yahoo was acquired by Verizon for $4.48 billion.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon.
“Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources,” McMohan added.
Last year, Yahoo disclosed a new security breach that may have affected more than one billion user accounts.
“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” said Bob Lord, Chief Information Security Officer, Yahoo.