Yahoo has confirmed that every single account that existed in August 2013 was likely compromised in a massive data breach, bringing the total affected to three billion. This means the affected victim pool is three times larger than the initial one billion accounts reported in December 2016.
"In 2016, Yahoo took action to protect all accounts, including directly notifying impacted users identified at the time, requiring password changes and invalidating unencrypted security questions and answers so that they could not be used to access an account. Yahoo also notified users via a notice on its website," the company reported Tuesday.
The breach enabled attackers to access email addresses, passwords, telephone numbers, and birthdates. New information indicates stolen data did not include plaintext passwords, bank account information, or payment card data. Yahoo is notifying additional user accounts affected by the 2013 breach.
This update comes after new intelligence was collected during Yahoo's integration into Verizon, which is folding both Yahoo and AOL into a new subsidiary called Oath.
Read more details here.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.