Yahoo reveals 2013 hack hit 3bn accounts

By:
James Pearce
Published on:

Verizon-owned Yahoo has revealed a 2013 hack, described as one of the biggest of all time, actually hit its entire base of 3bn - three times the amount it originally thought had been breached

A 2013 hack that has been described as one of the biggest publicly-disclosed breaches of all time impacted customer accounts of three times more people than first believed, according to Verizon-owned Yahoo.

Yahoo, now part of Verizon subsidiary Oath, said that the data breach, which was first disclosed in December 2016, may have impacted all three billion of its user accounts, compared with the one billion figure first reported.

Yahoo unveiled the figure on its account security page, having carried out a forensic investigation into the hack. The investigation found that more accounts had been hacked than first believed, but also indicated the stolen information did not include passwords in clear text, payment card data or bank account information.

The investigation was carried out as part of Yahoo’s integration with Verizon, part of a $4.5 billion acquisition that closed in June. Verizon initially agreed to buy the internet services firm for $4.9 billion, but reports of two hacks – the one mentioned above, and another separate incident that occurred in 2014 – led the US telco to seek a $350 million discount.

Yahoo said that, in light of the new information uncovered by investigators, it is “sending email notifications to the additional affected user accounts.”

"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, chief information security officer, Verizon.

"Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."

The hack has been a costly one for the firm. Former CEO Marissa Mayer gave up her 2016 cash bonus following the incident and the company’s top lawyer, Ronald Bell, resigned in the wake of the hack and the other breaches.

The company is also facing significant legal action over the two breaches, the latter of which impacted around 500 million accounts but was disclosed first, with 43 class-action lawsuits filed against the company so far, according to a Securities and Exchange Commission filing. Yahoo has also notified the SEC of the updated figures.