3 Billion Yahoo Accounts Hacked in August 2013 Security Breach

Yahoo security breach revealed in December 2016 was so bad that it made Verizon think twice about buying the internet company, but new reports show that the hack was even worse than initially thought.

According to a recent report from the Wall Street Journal, the security breach, which happened in August 2013, apparently affected not just over 1 billion users, but all 3 billion Yahoo accounts at the time.

Yahoo said that the stolen data does not include clear-text passwords, credit card details, or bank account information. Instead, the compromised data included phone numbers, birth dates, scrambled passwords, and security questions with answers.
At that time, Yahoo did confirm that hackers did not obtain bank account details or credit card information tied to the Yahoo accounts.

Oath, the Verizon subsidiary into which Yahoo was merged, made the announcement in a filing with the SEC on Tuesday, which reads:

Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.

Yahoo has started sending email notifications to the additional accounts now believed to have also been affected and continues to work with law enforcement in the investigation of the incident. The company, however, has still not revealed who was behind the August 2013 cyberattack, which Yahoo claimed was a state-sponsored action. It has also not identified the country that backed the hackers.

Yahoo is presently under SEC investigation for not disclosing the data breach to outside parties sooner, thereby giving affected users the right to take legal action against the company.