• / Free eNewsletters & Magazine
  • / My Account
Home>Yahoo Triples Estimate of Breached Accounts to 3 Billion -- 2nd Update

Yahoo Triples Estimate of Breached Accounts to 3 Billion -- 2nd Update

Yahoo Triples Estimate of Breached Accounts to 3 Billion -- 2nd Update

10/04/2017

 By Robert McMillan and Ryan Knutson 

A massive data breach at Yahoo in 2013 was far more extensive than previously disclosed, affecting all of its 3 billion user accounts, new parent company Verizon Communications Inc. said on Tuesday.

The figure, which Verizon said was based on new information, is three times the 1 billion accounts Yahoo said were affected when it first disclosed the breach in December 2016. The new disclosure, four months after Verizon completed its acquisition of Yahoo, shows that executives are still coming to grips with the extent of the security problem in what was already the largest hacking incident in history by number of users.

A spokesman for Oath, the new name of Verizon's Yahoo unit, said the company determined last week that the break-in was much worse than thought, after it received new information from outside the company. He declined to elaborate on the source of that information. Compromised customer information included usernames, passwords, and in some cases telephone numbers and dates of birth, the spokesman said.

The disclosure is the latest chapter in a long-running saga that tattered the reputation of a former Silicon Valley icon and continues to spawn problems for its new owner. It began in September 2016, two months after Verizon agreed to acquire the fallen internet pioneer, with Yahoo first disclosing a separate attack that took place in 2014 and affected 500 million accounts. Yahoo later revealed the larger 2013 incident.

Several other major cyberattacks have focused attention on the vulnerability of big companies that possess enormous amounts of vital personal information about their customers.

On Tuesday, lawmakers slammed former Equifax Inc. Chief Executive Richard Smith for his company's handling of a data breach that affected more than 140 million consumers. The Securities and Exchange Commission and the accounting firm Deloitte also disclosed major hacks in recent weeks.

The number of individuals affected by the 2013 attack is smaller than 3 billion, because some people have multiple accounts across Yahoo's sites, including email, fantasy sports, Tumblr and Flickr, the spokesman said. He said Oath will immediately begin notifying the users who own the additional roughly 2 billion accounts. That is expected to take several days and occur via email, the spokesman said.

Victims won't need to take any additional action, however, because Yahoo already forced all account holders to reset their passwords after the initial December 2016 disclosure.

©2017 Morningstar Advisor. All right reserved.