Yahoo has tripled down on what was already the biggest data breach in history, saying it affected all 3 billion accounts on its service, not the 1 billion it revealed late last year.
The company formally announced Tuesday in that it has sent emails providing notice to additional user accounts affected by the August 2013 data theft.
The breach now affects a number in that represents nearly “half the world,” asserted Sam Curry, chief security officer for Boston-based firm Cybereason, though there’s likely to be more accounts than actual users.
“Whether it’s 1 billion or 3 billion is largely immaterial. Assume it affects you,” Curry said. “Privacy is really the victim here.”
Yahoo 1st acknowledged the breach in December . The- stolen information included names, email addresses, phone numbers, birthdates and security questions and answers.
Following its acquisition by Verizon in June, Yahoo says, it obtained new intelligence while investigating the breach with assist from outside forensic experts. It says the stolen customer information did not contain passwords in clear text, payment card data or bank account information.
Yahoo had already required users to alter their passwords and invalidate security questions so they couldn’t be used to hack in to accounts.
The disclosure is moreover a huge embarrassment for Verizon, which has just started running TV ads for its new subsidiary Oath, which will consist of Yahoo and AOL services.
Verizon spokesman David Samberg asserted the company has no regrets about buying Yahoo, despite the newest revelation.
Companies frequently don’t know the full extent of a breach and have to revise statements about how it affects customers years of time later, asserted Ben Johnson, co-founder and chief technology officer for Obsidian Security, based in Newport Beach, California. Johnson asserted Yahoo might never know absolutely what was accessed.
“The fact is attackers are having field days and the issue is only going to get worse,” he said.
Staff writer Michael Liedtke in San Francisco contributed to this report.