Latest in Gear

Image credit: Robert Galbraith / Reuters

Yahoo's 2013 hack impacted all 3 billion accounts

Not just one billion as previously announced -- it was all of them.
1564 Shares
Share
Tweet
Share
Save

Sponsored Links

Robert Galbraith / Reuters

Last year Yahoo (now part of Oath along with AOL after its acquisition by Verizon) announced that back in 2013, hackers had stolen info covering over one billion of its accounts. Today, the combined company announced that further investigation reveals the 2013 hack affected all of its accounts that existed at the time -- about three billion. The information taken "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers."

For users being notified of the hack now, the notification is that their information is included. At the time the breach was first announced, Yahoo required everyone who had not reset their passwords since the breach to do so. According to the FAQ posted, it doesn't appear there's any new action being taken.

The announcement isn't very specific about why or how it determined the breach was so much larger -- or how it was missed in the original forensic analysis, or how this happened in the first place -- likely due to pending lawsuits over the issue. This section of the statement is all it would say:

Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.

We should note, this is still separate from a 2014 hack that affected some 500 million accounts.

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

Source: Oath, Yahoo FAQ
In this article: 2013, AOL, breach, gear, hack, Oath, security, Verizon, Yahoo
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1564 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

View
Watch the 'Android' Nokia phone that never had a chance to exist

Watch the 'Android' Nokia phone that never had a chance to exist

View
TiVo tries running pre-roll ads before your recorded shows

TiVo tries running pre-roll ads before your recorded shows

View
YouTube CEO apologizes for channel verification mess (updated)

YouTube CEO apologizes for channel verification mess (updated)

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr