Yahoo's 2013 data breach was far worse than what was earlier made to believe. In a shocking revelation, Yahoo, now part of Verizon Communications, said on Tuesday that an investigation showed all 3 billion of its user accounts were affected in a 2013 data theft, tripling its earlier estimate of the largest breach in history. But as the company says, the stolen information did not include passwords in clear text, payment card data, or bank account information.
Last December, Yahoo disclosed that data from over 1 billion user accounts was compromised in August 2013. Three months before that, the company also revealed another cyber-attack that occurred in 2014, which had affected 500 million accounts.
The company added that it discovered the new evidence while integrating the companies. It also tried to mitigate the blow by noting that when the 2013 breach was discovered and disclosed — in 2016 — the company “took action to protect all accounts.”
"Subsequent to Yahoo’s acquisition by Verizon (in June), and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Yahoo said.
Verizon, on its part added that it would continue to work closely with law enforcement. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources,” Chandra B. McMahon, Verizon’s chief information security officer, said in the statement.
Verizon bought Yahoo for $4.48 billion in June. But the deal was nearly derailed by the disclosure of the breaches and $350 million was cut from Verizon’s original offer. Yahoo was then combined with AOL into a new division of the telecommunications company called Oath.