Company now claims all 3bn accounts were hacked in 2013
US telecoms giant Verizon Communications, which acquired Yahoo this year, now believes that 2013 security breach went much further than expected and had exposed sensitive information of all of its three billion users.
The latest investigation has also revealed that the stolen information did not include passwords in clear text, payment card data, or bank account data, the company has added. Media reports suggest that intruders have obtained all the security questions and backup email addresses of Yahoo users.
Yahoo had reported last year that the 2013 security breach has affected a billion account users. But the latest announcement triples its earlier estimate of the largest breach in history: “It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account.”
Confirming the massive cyber-attack, Verizon’s chief information security officer Chandra McMahon has stated: “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats.”
“Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
Verizon bought Yahoo for $4.48 billion in June this year, after reducing $350 million from the original offer, after the latter became a victim of two significant security breaches. Yahoo was later combined with AOL into a new division of the telecommunications company called Oath.