When Yahoo announced that a billion users were affected by its 2013 hack, the internet weathered a collective cold sweat. But the story isn’t quite done yet.
The internet company’s parent firm Oath today released “new intelligence” regarding the breach.
No ad to show here.
“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Oath, also a subsidiary of Verizon, confirmed in a press release.
That’s three-billion users.
While Oath confirmed that the orchestrators of the hack did not steal “passwords in clear text, payment card data, or bank account information”, email addresses, passwords, telephone numbers and even birthdays were likely accessible.
‘All Yahoo user accounts were affected by the August 2013 theft’
“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts,” Oath added.
“The company required all users who had not changed their passwords since the time of the theft to do so.
“Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account.”
2013 wasn’t the only bad year for the once Google rival.
A year later, the company was left fumbling after it discovered that 500-million users were affected by a “state-sponsored” hack.
Oath confirmed that users will be receiving additional email notifications regarding the breach.