Yahoo suffered a data breach in 2013, which it disclosed in 2014 as having affected about 1 billion user accounts. That was a huge number, but one that pales in comparison to the latest update: the company now estimates that the data breach affected all of its 3 billion user accounts. That means no Yahoo account was left unaffected by the data theft.
The updated figure was announced this evening by Verizon, which now owns the company. The disclosure comes from Oath, which explains in its new security notice:
Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.
If you’re a Yahoo user and you didn’t receive a security notification during the initial disclosure in late 2014, you can expect that to change in the near future. This isn’t a new security concern, but does alert additional Yahoo users that they were likely affected by the data breach, too.
Oath says that its investigation found that the hackers likely didn’t steal clear text passwords, banking info, or payment card info. The company says that it is continuing to work with law enforcement, indicating that investigation is still an ongoing matter. Further details weren’t provided, however.