OCT. 3, 2017 Yahoo said new intelligence indicates that every single account on its system at the time of the 2013 data […]
OCT. 3, 2017
Yahoo said new intelligence indicates that every single account on its system at the time of the 2013 data breach was affected.
It had previously admitted around 1 billion accounts were affected, but said it now believed this figure stood at 3 billion accounts.
“Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected,” it said.
The breach, which was first revealed by Yahoo last December, saw email addresses, passwords, telephone numbers and birth dates at risk of having been taken.
However, the stolen information did not include payment or bank account details.
At the time, Yahoo had urged all its users to change its passwords, though had specifically notified the 1 billion user accounts it thought were compromised.
Yahoo has now sent emails to the additional 2 billion users believed to be affected.
The news of the breach last December followed its warning just months earlier that it had been hit by a “state-sponsored attack” in 2014, in which it lost the details of at least half a billion users, including eight million from the UK.
Yahoo said forensic experts discovered the new information relating to the hack after it was folded into the AOL brand, under the new name Oath.
Verizon decided to merge the two businesses after its purchase of Yahoo’s mail service, news and finance service, and the Flickr and Tumblr social networks completed in June.
The price Verizon paid for the Yahoo businesses was cut by $350m after both the 2013 and 2014 data breaches were revealed.
The remainder of Yahoo, which Verizon did not buy, comprised of stakes in the Chinese retailer Alibaba and Yahoo Japan, and was renamed Altbaba.