- Share this article on Facebook
- Share this article on Twitter
- Share this article on Email
- Show additional share options
- Share this article on Print
- Share this article on Comment
- Share this article on Whatsapp
- Share this article on Linkedin
- Share this article on Reddit
- Share this article on Pinit
- Share this article on Tumblr
Yahoo has tripled down on what was already the largest data breach in history, saying it affected all 3 billion accounts on its service, not the 1 billion it revealed late last year.
The company announced Tuesday that it is providing notice to additional user accounts affected by the August 2013 data theft.
The breach was previously disclosed by the company in December. The stolen information included names, email addresses, phone numbers, birthdates and security questions and answers.
Following its acquisition by Verizon in June, Yahoo says, it obtained new intelligence while investigating the breach with help from outside forensic experts. The company says the stolen customer information did not include passwords in clear text, payment card data or bank account information.
Yahoo had already required users to change their passwords and invalidate security questions so they couldn’t be used to hack into accounts.
“Whether it’s 1 billion or 3 billion is largely immaterial. Assume it affects you,” said Sam Curry, chief security officer for Boston-based firm Cybereason. “Privacy is really the victim here.”
The disclosure is also a huge embarrassment for Verizon, which has just started running TV ads for its new subsidiary Oath, which will consist of Yahoo and AOL services.
Sign up for THR news straight to your inbox every day