Web services provider Yahoo! has found itself in hot water amidst a new revelation of its August 2013 hacking scandal.
Three billion Yahoo accounts – that’s every account that existed at the time of the hacking – are confirmed to have had been compromised by the data breach. This is triple the one billion accounts the company disclosed in December 2016 to have been affected by the 2013 hacking, cementing it as the biggest data breach of all time.
Yahoo stated this information was obtained after acquiring new intelligence and conducting an investigation with contracted forensic experts, all following its acquisition by telco giant Verizon. Verizon bought Yahoo’s core internet business in June 2017 for $4.83 billion, merging it with online provider AOL under Verizon’s digital media company, Oath.
In a statement, Verizon Chief Information Security Officer Chandra McMahon said the company proactively works to ensure the safety and security of its users and networks in an evolving landscape of online threats.
Yahoo confirmed the extra two billion accounts had the same user account information stolen – including names, email addresses, telephone numbers, and date of birth – as the one billion accounts disclosed in December 2016, and that the company is continuing to ‘work closely’ with law enforcement.
“The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information,” a disclosure filed with the SEC reads.
Following the December 2016 revelation, Yahoo required users to change their passwords and security questions for affected accounts. This will now be required of the additional two billion breached accounts.
This is not the first time Yahoo has been under fire for comprising account safety. In September 2016, Yahoo disclosed that 500 million of its accounts had been affected in a similar 2014 hacking scandal.
It goes without saying that if you have an older Yahoo account and it's been a while since you changed its password, now is probably a good time.
Additional information regarding the security breaches and privacy concerns can be found here.