Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Alex Milan Tracy/SIPA USA/PA Images

Yahoo had said 1 billion accounts were hacked. Now, it's saying 3 billion were

“Whether it’s 1 billion or 3 billion is largely immaterial. Assume it affects you,” said a security expert.

YAHOO HAS TRIPLED down on what was already the largest data breach in history, saying it affected all 3 billion accounts on its service, not the 1 billion it revealed late last year.

The company announced yesterday that it has sent emails providing notice to additional user accounts affected by the August 2013 data theft.

The breach now affects a number that represents nearly “half the world”, said Sam Curry, chief security officer for Boston-based firm Cybereason, though there’s likely to be more accounts than actual users.

“Whether it’s 1 billion or 3 billion is largely immaterial. Assume it affects you,” Curry said. “Privacy is really the victim here.”

Yahoo first disclosed the breach in December . The stolen information included names, email addresses, phone numbers, birth dates and security questions and answers.

Following its acquisition by Verizon in June, Yahoo says, it obtained new intelligence while investigating the breach with help from outside forensic experts.

It says the stolen customer information did not include passwords in clear text, payment card data or bank account information.

Yahoo had already required users to change their passwords and invalidate security questions so they couldn’t be used to hack into accounts.

The disclosure is also a huge embarrassment for Verizon, which has just started running TV ads for its new subsidiary Oath, which will consist of Yahoo and AOL services.

Verizon spokesman David Samberg said the company has no regrets about buying Yahoo, despite the latest revelation.

Companies often don’t know the full extent of a breach and have to revise statements about how it affects customers years later, said Ben Johnson, co-founder and chief technology officer for Obsidian Security, based in Newport Beach, California.

Johnson said Yahoo might never know exactly what was accessed.

“The fact is attackers are having field days and the problem is only going to get worse,” he said.

Read: Snapchat shares plunge as it posts losses of over €2 billion

Read: US charges two Russian spies with hacking 500 million Yahoo accounts

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
7 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds