Yahoo just said every single account was affected by 2013 attack — 3 billion in all

Read Article at CNBC

  • Yahoo said every single account was affected by a data breach in 2013; originally, the company said 1 billion out of 3 billion accounts were affected.
  • Yahoo is now part of a Verizon subsidiary named Oath.
  • Yahoo and Oath disclosed the new information on Tuesday evening.

Todd Haselton | @robotodd | CNBC

Published 17 Hours Ago Updated 2 Hours Ago

Yahoo on Tuesday said that every single Yahoo account was affected by a data breach that took place in 2013.

In 2016, Yahoo disclosed that more than one billion of about three billion accounts had likely been affected by the hack. In its disclosure Tuesday, the company said all accounts were likely victimized.

Yahoo included the finding in a recent update to its Account Security Update page, saying that it found out about the wider breach through new intelligence obtained during the company’s integration into Verizon Communications. Outside forensic experts assisted in the discovery, the company said.

“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,” Yahoo said Tuesday.

Yahoo said it will begin alerting accounts that weren’t previously notified of the attack.

In 2013, a breach allowed attackers to steal email addresses, passwords, birth dates, telephone numbers and more. The new investigation indicated that stolen information didn’t include passwords in clear text, payment card data or information about bank accounts.

Verizon finished its acquisition of Yahoo in June and is folding it, with AOL, under a new subsidiary named Oath.