In August 2013 affected every single customer account that existed at the time, Yahoo parent company Verizon said on Tuesday.
The total number of accounts attacked is 3 billion – and that includes Tumblr, Fantasy and Flickr. In 2016, Yahoo reported that the breach affected.
Names, email addresses and passwords, but not financial information, were breached, Yahoo said last year.
The new disclosure comes four months after Verizon (, Tech30) acquired Yahoo’s core internet assets for $4.48 billion. Yahoo is part of Verizon’s digital media company, which is called Oath.
Verizon revised the number of breached accounts to three billion after receiving new information.
“The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Verizon said in a statement.
Verizon did not want to provide information on who the outside forensics experts are.
Yahoo will send emails to the additional affected accounts. Following the hacking revelations last year, Yahoo required password changes and invalidated unencrypted security questions to protect user information.
Ben Johnson, chief technology officer at Obsidian Security, says Yahoo may never know exactly what was accessed. In any breach it’s safe to assume the number of affected accounts will be adjusted, he said.
We’ve comprised a list of other extremely damaging data breaches here.