Yahoo has landed in deep trouble once again, revealing that it highly underestimated the extent of the damage its August 2013 data breach had caused. It had initially reported that over 1 billion of its users had been affected, but now it’s saying that all 3 billion of them had been hit.
In brief, Yahoo had revealed that 500 million accounts got stolen in a 2014 state-sponsored attack in September 2016. This was followed up in December 2016 by the revelation that 1 billion out of its 3 billion users in 2013 had gotten hacked in a separate attack.
It’s the second one that’s of interest today. Yahoo says it’s recently obtained new intelligence and conducted an investigation with the help of forensic experts to conclude that all 3 billion Yahoo accounts were affected by the August 2013 hack.
Also Read: Yahoo is changing its name to Altaba
Yahoo has now gone into damage control mode, sending emails to victims informing them about the issue. It claims the people behind this didn’t manage to steal passwords in clear text, bank information, or payment card data.
Yahoo didn’t state what did get stolen, but its previous disclosure mentioned user names, birthdays, phone numbers, email addresses, hashed passwords, and encrypted or unencrypted security questions and answers. This is pretty serious considering the 4 years that have passed since the attack took place.
Verizon bought Yahoo for $4.4 billion earlier in 2017, lower than its initial offer after all the hacking drama. The latter has now been lumped together with AOL and others brands under a Verizon subsidiary called Oath.