A Yahoo security breach revealed in December 2016 was so bad that it made Verizon think twice about buying the internet company, but new reports show that the hack was even worse than initially thought.
According to a recent report from the Wall Street Journal, the security breach, which happened in August 2013, apparently affected not just over 1 billion users, but all 3 billion Yahoo accounts at the time.
Oath, the Verizon subsidiary into which Yahoo was merged, made the announcement in a filing with the SEC on Tuesday, which reads:
Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.
Yahoo has started sending email notifications to the additional accounts now believed to have also been affected and continues to work with law enforcement in the investigation of the incident. The company, however, has still not revealed who was behind the August 2013 cyberattack, which Yahoo claimed was a state-sponsored action. It has also not identified the country that backed the hackers.
Yahoo is presently under SEC investigation for not disclosing the data breach to outside parties sooner, thereby giving affected users the right to take legal action against the company.