The largest hack in history just became triple the trouble for Yahoo.
Yahoo said Tuesday that every single one of its 3 billion accounts were hacked in a 2013 breach. The company broke the record for the largest data breach when it announced in December that 1 billion accounts were hacked in an attack in 2013. That number just tripled after further investigation from Yahoo on Tuesday.
After Verizon took over Yahoo in a $4.48 billion deal in June, the company investigated further and discovered that it was actually 3 billion accounts affected — meaning every account ever registered on Yahoo. To put that in perspective, that’s more users than every person on Facebook, Instagram and Twitter combined.
“Following an investigation with the assistance of outside forensic experts, [we believe] that all Yahoo user accounts were affected by the August 2013 theft,” Suzanne Philion, an Oath spokeswoman said in a statement on Tuesday.
It’s a landmark development for an already historic breach, as weak cybersecurity affects everything from elections to hospitals. The announcement came on the same day that Congress members criticized.
Yahoo said it’s not a new breach, just 2 billion additional users affected by the attack from August 2013. It’s sent a notification to all its users, telling them that the company had taken action in 2016 to protect all accounts, requiring password changes and blocking access from accounts with unencrypted security questions.
The information stolen from the massive breach did not include passwords in clear text, payment card data or bank account information. Yahoo is still working with law enforcement to determine who was behind the attack.
Yahoo still holds the record for the first and second largest breach in history, though now the gap has widened much further. It also suffered a major cyberattack in 2014 where 500 million user accounts were stolen.
Verizon was originally supposed to buy Yahoo for $4.83 billion, but cut the price by $350 million in February after its security scandal. Yahoo is still reportedly under investigation from the US Securities and Exchange Commission for failing to alert users in time.
It’s unclear how much more Verizon would have cut the price by if the 3 billion affected users were announced before the purchase. Verizon declined to comment beyond the press release.
“Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security,” Verizon’s chief information security officer Chandra McMahon said in a statement.
Updated at 2:35 p.m. PT: To provide more details on Yahoo’s hack.
CNET Magazine: Check out a sample of the stories in CNET’s newsstand edition.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.