Yahoo has announced that a security breach they suffered four years ago is far worse than publicly detailed.
When the news and search company was attacked and suffered a data theft in 2013, it was reported that only one billion accounts were affected. Now it turns out all three billion Yahoo accounts were affected by the lapse in security. Yahoo revealed the original breach in December 2016, and is now shedding more light on the massive amount of users affected.
The hack allowed malicious users to access email addresses, telephone numbers, passwords, birthdays and more. It did not include bank account information or payment card data.
“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts,” the company wrote. “Yahoo required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,”
Yahoo will begin to notify accounts that were not previously notified about the privacy intrusion.
Verizon officially acquired Yahoo earlier this year for just under $4.5 billion and formed a subsidiary that includes another acquisition, AOL.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer at Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”