Yahoo on Tuesday said that all 3 billion of its accounts were hacked in a 2013 data theft, tripling its earlier estimate of the size of the largest breach in history.
Subsequent to Yahoo's acquisition by Verizon, and during integration, the company says that it "recently obtained new intelligence" and now believes, following an investigation with the assistance of outside forensic experts, that ALL Yahoo user accounts were affected by the August 2013 theft.
Yahoo says it is sending email notifications to the additional affected user accounts.
Yahoo, now part of Oath, added that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. For affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers, according to Yahoo.
"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, Chief Information Security Officer, Verizon. "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."
The news expands the likely number and claims of class action lawsuits by shareholders and Yahoo account holders, they said. Yahoo, the early face of the internet for many in the world, already faced at least 41 consumer class-action lawsuits in U.S. federal and state courts, according to company securities filing in May.
Yahoo said last December that data from more than 1 billion accounts was compromised in 2013, the largest of a series of thefts that forced Yahoo to cut the price of its assets in a sale to Verizon.