Yahoo today announced that the huge data breach in August 2013 affected every user on its service — that’s all three billion user accounts and up from the initial one billion figure Yahoo initially reported. Since disclosing the hack, Yahoo continued to add more numbers of accounts compromised, but today’s announcement makes it clear that if you had a Yahoo email account, you were part of the breach.
The hack exposed user account information, which includes name, email address, hashed passwords, birthdays, phone numbers, and, in some cases, “encrypted or unencrypted security questions and answers,” the company said back in 2016. Yahoo did confirm that passwords were not stolen in clear text, and hackers did not obtain bank or credit card information tied to the Yahoo accounts.
In the months following the announcement, the US Department of Justice charged Russian officials for “state-sponsored” crime relating to a separate Yahoo hack in 2014, with more lawsuits approved by a US District judge in San Jose, CA potentially forthcoming.
The news today comes four months after Yahoo was acquired by Verizon Communications (under a new division named Oath) for $4.48 billion — down $350 million from the initial offer due to the severity of the hacks.