Remember the big Yahoo! data breach where a billion user accounts where compromised? Turns out it was really 3 billion, or every single Yahoo! account.
Yahoo! revealed at the end of 2016 it was the target of a massive hack in 2013 where user names, passwords, phone numbers, email address, and more were stolen. At the time, Yahoo! said the breach impacted a billion account holders.
The internet search company has since been purchased by Verizon and it turns out the hack was much worse than originally reported. Yahoo! said in a statement,
Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.
Last December Yahoo! CISO Bob Lord said, “We believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts.”
While that statement is technically accurate because there really were more than a billion Yahoo! user accounts compromised, it doesn’t do justice to the real magnitude of the security breach. Instead of a third of Yahoo! users, the breach affected everyone.
Yahoo! also had security breaches in 2014 and 2015, although those impacted fewer users.
When it appeared that a billion users were impacted by the breach US$350 million was cut off from the price Verizon paid for Yahoo! and had the full scope of the hack been known, it most likely would’ve dropped even more.
Yahoo! has a history of similar security breaches, although not nearly on this scale. Still, any security breach is bad and Yahoo! seems to be shooting for a trophy.
If you have a Yahoo! account and haven’t changed your password recently now would be a good time to do that.