Remember when Yahoo revealed that the one billion user accounts had been compromised by a breach in 2013? Well it turns out that the breach was far worse than expected.
Yahoo (which is now part of Verizon firm Oath) disclosed yesterday that every single user using the service in 2013 was compromised in the breach of its services.
“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Yahoo wrote.
That translates into approximately three billion user accounts.
Users can rest somewhat easier in the comfort that their passwords weren’t in clear text and that card data or bank account information did not form part of the data that was compromised.
Now this breach is incredibly worrying for a number of reasons. First and foremost it has now taken Yahoo four years to disclose that every single one of its users had their data compromised. It is also close on a year since Yahoo disclosed that one billion user accounts were compromised.
It’s also worth mentioning that it has been four months since Verizon closed an acquisition of Yahoo for $4.48 billion.
It should go without saying that users who still use the same password and username combination as they did in 2013 should consider changing those details in earnest.