- All of the approximately 3 billion Yahoo user accounts in existence in 2013 were impacted by the data breach that year, the company announced Tuesday.
- Last year, Yahoo disclosed that 1 billion user accounts were impacted by the 2013 data breach. Following Verizon's acquisition of Yahoo and a subsequent forensic investigation, the company now believes all of its 3 billion user accounts were impacted at the time.
- Yahoo, now a part of Verizon's Oath, emphasized that the additional accounts that were impacted did not stem from a new security incident. The company sent email notifications to the additional users impacted. The stolen user account information did not include "passwords in clear text," payment data or bank account information.
When Yahoo disclosed its initial data breach in 2016, it triggered password resets across all accounts and invalidated security questions and answers that were unencrypted. Because the company already took steps to lessen the potential impact on users, Yahoo’s disclosure today was about providing transparency.
Yahoo’s recent disclosures triple the number of accounts thought to be compromised. Prior to Tuesday’s disclosure, Yahoo already held the mantle for suffering the worst data breach in history — now its infamy is solidified.
The IT industry has been plagued recently with news of large-scale, high-impact breaches. Though Yahoo had the most records exposed, other breaches compromised far more sensitive data. Deloitte recently had a cyber incident compromising its private emails, which had the potential to impact proprietary information disclosed inside the documents. The Equifax breach is also shaping up to be one of the worst breaches in history, impacting 145.5 million consumers and exposing sensitive information, such as social security numbers and driver's license numbers.
There are plenty more modern examples of cybersecurity incidents that should put IT experts on notice. But security teams continue to make the same mistakes and many companies are not putting enough emphasis on establishing secure technology and processes.