All of Yahoo’s 3 billion user accounts in 2013 were affected by its massive data breach – not the 1 billion accounts that were initially reported, the company said Tuesday.
The revised number vastly expands the scope of the historic hack, which had previously broken records as the world’s largest data breach. The updated figure comes as the public is still reeling from back-to-back reports of data breaches at Equifax and the fast-food chain Sonic.
News of the Yahoo breach broke last summer as it was being acquired by Verizon. The incident raised major questions about whether Verizon should go through with the deal, and it delayed its closing by several months. But now, Yahoo is pointing to “new intelligence” that persuaded it that the scope of the data breach was far more significant.
“All Yahoo user accounts were affected by the August 2013 theft,” Yahoo admitted in a statement. “While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts.”
Yahoo added that no credit card information or unencrypted passwords associated with the additional affected accounts appear to have been stolen. The revised number of accounts includes those that may not have been “active” users at the time, meaning account holders who do not regularly log in, according to a person familiar with the matter, who spoke on condition of anonymity to discuss the investigation.