Remember that Yahoo breach back in August 2013? Remember when it was reported that 1 billion Yahoo accounts, or a third of their users, were affected? Yeah, it’s worse than reported. Like, three times worse.
Yahoo parent company Verizon has announced the hack was much larger than first believed. All 3 billion Yahoo user accounts were affected.
Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.
Information stolen from the 3 billion accounts included names, email addresses, phone numbers, birth dates, hashed passwords, and security questions and answers (both encrypted and unencrypted). Clear text passwords, banking information, or credit/debit card info are not currently believed to have been accessed.
Chandra McMahon, Chief Information Security Officer, Verizon says Yahoo is taking steps to enhance security for its users:
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
Additional information regarding this issue is available on the Yahoo 2013 Account Security Update FAQs page.