Yahoo has admitted that all 3 billion of its users' email accounts were affected by the 2013 hack. Last December the US firm said that around a third of its accounts had been compromised, however the company has now announced that every single one of its accounts had been breached.
It is the largest breach in history, with Yahoo now alerting users whose accounts were previously thought to be uncompromised. On a positive note Yahoo said that the investigation suggested that stolen information did not include passwrods, payment card data or bank account information.
“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,” Yahoo said on Tuesday.
The hack has already been a costly one for Yahoo and its executives. Marissa Mayer, Yahoo’s former chief executive, gave up her 2016 cash bonus following the incident and the company’s top lawyer, Ronald Bell, resigned in the wake of the hack. Consumer confidence in the service is also heading to an all-time low with some 43 users already filing lawsuits against the firm.
The latest investigation into the breach was launched by telecoms company Verizon who acquired Yahoo in a joint bid with AOL earlier this ear. Chandra McMahon, chief information security officer of Verizon, said the telecoms company’s investment in Yahoo was allowing the team to take ‘significant steps to enhance their security, as well as benefit from Verizon’s experience and resources’.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” she said.