Just over a year ago, Yahoo admitted that it had been hacked in 2013, and estimated that 500 million accounts had been compromised (the company blamed state-sponsored actors, and federal prosecutors have indicted two Russian spies for ordering the operation). Now the company has admitted that all three billion of its accounts were affected.
The hackers stole usernames, email addresses, answers to password recovery questions, weakly encrypted passwords, telephone numbers and addresses.
Yahoo is now a division of Verizon, a close contender for worst company in America. It is now called Oath, because why not.
Besides the updated figure that all accounts were compromised in the earlier 2013 breach, the updated status page offered no new information. Still, the news is significant, in large part because it comes on the heels of a recently updated estimate from credit reporting service Equifax that a breach of its network exposed sensitive data for 145.5 million US consumers, up from a previous estimate that 143 million consumers were affected. Yahoo's previous one-billion account estimate already made the 2013 hack one of the biggest in terms of the number of people affected. The tripling of that estimate is sure to make it stand out even more.
Yahoo says all 3 billion accounts were compromised in 2013 hack
[Dan Goodin/Ars Technica]