Yahoo said on Tuesday that all 3 billion of its user accounts were hacked in a 2013 data theft, tripling its earlier estimate of the size of the largest breach in history. Yahoo will begin alerting accounts that weren't previously notified of the attack.
However, the company said the investigation indicated that the stolen information did not include passwords in clear text, payment card data, or bank account information.
The company said it was sending email notifications to additional affected user accounts. "The company is continuing to work closely with law enforcement", the announcement said in a statement. This will now be required of the additional two billion breached accounts.
However, if anyone affected reused those same security questions on other accounts, experts urged that they be changed. Yahoo says that the information stolen was encrypted using the MD5 algorithm, which was considered insecure even at that time. The hackers not only targeted passwords, birthdays, contact numbers, email addresses and names of email accounts but also Fantasy, Flicker, and Tumblr accounts.
It goes without saying that if you have an older Yahoo account and it's been a while since you changed its password, now is probably a good time. Or, in this case, some new information about Yahoo's 2013 security breach.
Yahoo has now disclosed that its hacking breach is more extensive than it had first thought, affecting 3B of its users.
"It's hard to imagine any circumstance in which an organization committed to security could have all network segmentation, policies, and security measures bypassed completely". "This goes to show that a seemingly small gap in security can be devastating and have prolonged implications for any business".