Latest in Gear

Image credit: Robert Galbraith / Reuters

Yahoo's 2013 hack impacted all 3 billion accounts

Not just one billion as previously announced -- it was all of them.
1564 Shares
Share
Tweet
Share
Save

Sponsored Links

Robert Galbraith / Reuters

Last year Yahoo (now part of Oath along with AOL after its acquisition by Verizon) announced that back in 2013, hackers had stolen info covering over one billion of its accounts. Today, the combined company announced that further investigation reveals the 2013 hack affected all of its accounts that existed at the time -- about three billion. The information taken "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers."

For users being notified of the hack now, the notification is that their information is included. At the time the breach was first announced, Yahoo required everyone who had not reset their passwords since the breach to do so. According to the FAQ posted, it doesn't appear there's any new action being taken.

The announcement isn't very specific about why or how it determined the breach was so much larger -- or how it was missed in the original forensic analysis, or how this happened in the first place -- likely due to pending lawsuits over the issue. This section of the statement is all it would say:

Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.

We should note, this is still separate from a 2014 hack that affected some 500 million accounts.

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

Source: Oath, Yahoo FAQ
In this article: 2013, AOL, breach, gear, hack, Oath, security, Verizon, Yahoo
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1564 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Wirecutter's best deals - Jabra Elite 85h Bluetooth headphones drop to $200

Wirecutter's best deals - Jabra Elite 85h Bluetooth headphones drop to $200

View
Homeland Security doesn’t want Americans' airport face scans after all

Homeland Security doesn’t want Americans' airport face scans after all

View
Qualcomm pushes for cheaper Snapdragon PCs with its 7c and 8c chips

Qualcomm pushes for cheaper Snapdragon PCs with its 7c and 8c chips

View
Microsoft's redesigned Office mobile apps read text out loud

Microsoft's redesigned Office mobile apps read text out loud

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr