All 3 billion of Yahoo’s users as of 2013 were concerned by a data fraud the company initially said had only afflicted 1 billion users, Yahoo’s new parent said Tuesday.
That creates the Yahoo hack far and away the biggest in history, and more dents the fame of an Internet pioneer that was compelled to sell itself off after a progression of CEOs declined to revitalize its user and profit growth as Facebook and Google grew to dominate the digital ad market.
The added two billion data theft casualty came to light as Yahoo was being unified with Verizon, which bought the company in June for $4.5 billion after shaving the price in light of previous-disclosed breaches.
“During integration, the company newly got new intelligence and now believes, following an investigation with the help of outside forensic professionals, that all Yahoo user accounts were afflicted by the August 2013 theft,” the company said in a report posted on its website Tuesday.
Verizon agreed down its investment price for Yahoo by $350 million because of two huge breaches the online media company suffered. The first, in 2013, was believed to be the biggest reported data breach ever, associating the theft of data combined with more than one billion user accounts. Yahoo declared that breach in December 2016.
The other breach, which appeared in 2014 and was revealed by Yahoo in September 2016, afflicted at least 500 million Yahoo accounts and was supposed to have been the work of a state-bankrolled actor. Four people, including two Russian intelligence officers, were charged in that attack.
The discovery is black eye for new parent Verizon, unusually with cybersecurity risks in the limelight after the Equifax breach.
It could have been bad: the stolen information was mostly cramped to the users’ ID’s on Yahoo and their email addresses, but did not conclude passwords in clear text, payment card data, or bank account information.
Yahoo said it would send email notifications to the additional afflicted user accounts.
The company, then run by CEO Marissa Mayer, confessed in November that law enforcement officials had given it data files displaying what appeared to be victim that an unknown third party had access to Yahoo user data.
At the time, Yahoo brought in outside forensic professional and confirmed that the data was in fact from Yahoo users. It later said a breach afflicted more than one billion user accounts.
Yahoo said in 2016 it did not know who was behind the crime.
The company said that the attackers stole the user data from its system in August 2013. However it didn’t know when they had achieved entry to its network or how long they were there before they stole the user data.