Verizon, who currently owns Yahoo, the once-formidable software giant, revealed that three billion Yahoo accounts were breached in 2013.
The announcement revealed that the massive data breach in August 2013 affected every single Yahoo account. This is a three-fold increase over the one billion estimate the company had previously disclosed.
What stands out is the fact that the company waited for four years to discover and publicly admit to the breach.
The breach, which Yahoo announced in September last year, occurred back in 2013. Account details including email addresses, hashed passwords, and phone numbers were stolen.
In its defence, Yahoo blamed the attack on a "state-sponsored actor", but there wasn’t any clarity on who hacked the company and how the cyber thugs pulled off the attack.
Interestingly, Verizon only learned about the hacking incident two days before Yahoo publicly disclosed it.
Prior to the 2013 confirmed breach, Yahoo had already been investigating another leak. In August of the same year, an anonymous hacker was found selling a database with login details on 200 million Yahoo accounts.
In the 2013 breach, stolen email addresses alone put users at risk of spam attacks and the additional information could be used to trick users into divulging more information about themselves.
The stolen data from Yahoo also includes the security questions and answers used to protect their accounts. However, Yahoo commented that investigators don't believe the stolen information included passwords in clear text, payment card data, or bank account information.
The Yahoo acquisition wasn’t a particularly smooth ride for Verizon, and was embroiled in controversy even before the deal was closed.
Verizon initially made an offer last July, for USD 4.83 billion in cash. But the deal hit a number of speed bumps after it was revealed that Yahoo had been subject to multiple major data breaches. Verizon decided to pull through anyway, ultimately shaving USD 350 million off the purchase price.