All 3 billion Yahoo user accounts were compromised during a 2013 data breach, the company announced today. Previously, the company had said that only 1 billion accounts were affected.
Yahoo, which was sold to Verizon in June and recently rebranded as Oath, announced on its website that it is alerting all users about the data breach. According to the company’s investigation, the breach did not include clear passwords, credit card data, or bank account information.
The initial data theft happened in August 2013, and Yahoo discovered it in December 2016. At the time, Yahoo said the hack was likely a different theft than one that affected 500 million accounts in September 2016.
According to Oath, Yahoo discovered the scope of the total data theft only after Verizon’s acquisition, when new information came to light.
"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, chief information security officer for Verizon, in a statement on the Oath site.