Latest in Gear

Image credit: Robert Galbraith / Reuters

Yahoo's 2013 hack impacted all 3 billion accounts

Not just one billion as previously announced -- it was all of them.
1564 Shares
Share
Tweet
Share

Sponsored Links

Robert Galbraith / Reuters

Last year Yahoo (now part of Oath along with AOL after its acquisition by Verizon) announced that back in 2013, hackers had stolen info covering over one billion of its accounts. Today, the combined company announced that further investigation reveals the 2013 hack affected all of its accounts that existed at the time -- about three billion. The information taken "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers."

For users being notified of the hack now, the notification is that their information is included. At the time the breach was first announced, Yahoo required everyone who had not reset their passwords since the breach to do so. According to the FAQ posted, it doesn't appear there's any new action being taken.

The announcement isn't very specific about why or how it determined the breach was so much larger -- or how it was missed in the original forensic analysis, or how this happened in the first place -- likely due to pending lawsuits over the issue. This section of the statement is all it would say:

Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.

We should note, this is still separate from a 2014 hack that affected some 500 million accounts.

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

Source: Oath, Yahoo FAQ
In this article: 2013, AOL, breach, gear, hack, Oath, security, Verizon, Yahoo
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1564 Shares
Share
Tweet
Share

Popular on Engadget

Pioneering NASA mathematician Katherine Johnson dies at 101

Pioneering NASA mathematician Katherine Johnson dies at 101

View
Huawei's smart speaker will be available outside of China, but not the US

Huawei's smart speaker will be available outside of China, but not the US

View
Microsoft confirms Xbox Series X will have a 12 teraflop GPU

Microsoft confirms Xbox Series X will have a 12 teraflop GPU

View
Amazon drops the Fire TV Cube to its best-ever price

Amazon drops the Fire TV Cube to its best-ever price

View
Watch Sony's Xperia event in 7 minutes

Watch Sony's Xperia event in 7 minutes

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr