Dominic Rushe
3 October 2017

Yahoo said on Tuesday that every one of its 3bn accounts was affected by a 2013 data theft at the tech company, tripling its earlier estimate of the largest breach in history.

The company, now part of Verizon Communications, said last December that data from more than 1bn user accounts was compromised by hackers in August 2013.

Yahoo included the finding in an update to its account security update page. The company said it will begin alerting accounts that were not previously notified of the attack.

However, the company said the latest investigation indicated that the stolen information did not include passwords in clear text, payment card data, or bank account information.

“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,” Yahoo said on Tuesday.

The latest disclosure of the massive hack came on the same day that the former boss of credit agency Equifax was grilled in Congress over a breach in its systems that compromised the social security numbers, credit card details and other personal information of 145.5 million people.

The hack has been a costly one for Yahoo and its executives. Marissa Mayer, Yahoo’s former chief executive, gave up her 2016 cash bonus following the incident and the company’s top lawyer, Ronald Bell, resigned in the wake of the hack and the other breaches.

Some 43 consumer class-action lawsuits have been filed against the company, Yahoo said in a May filing with the Securities and Exchange Commission.

Verizon in February lowered its original offer by $350m for Yahoo assets in the wake of two huge cyber-attacks at the internet company.

The closing of the deal, which was first announced in July, had been delayed as the companies assessed the fallout from two data breaches that Yahoo disclosed last year. The company paid $4.48bn for Yahoo’s core business.


https://www.theguardian.com/technolo...y-2013-hacking