The massive breach of Yahoo looks like it was worse than the original stories, which were already bad, but now Yahoo has said that all 3 billion users had their accounts breached.
Yahoo first reported 1.5 billion accounts had been breached in 2013, something that was announced just days before Verizon acquired the search giant. Verizon, which now owns Yahoo, has said that the attack had breached every Yahoo account... which means 3 billion accounts were attacked.
Verizon disclosed the new findings after an internal investigation into the 3 billion account breach, working with the SEC. The filing reads: "Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft".
3 billion accounts had their phone numbers, birth dates, security questions and answers, as well as hashed passwords. Yahoo said last year that the breached data didn't include "passwords in clear text, payment card data, or bank account information". But the story got worse, as we found out the encryption technique used was outdated.
Verizon said that they are "committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats".
Chief Information Security Officer at Verizon, Chandra McMahon, said: "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources".