Yahoo revealed in December 2016 that about one billion accounts were breached in the August attack of 2013.
But now, the numbers have been corrected and publicized to fit a more realistic count.
The latest revelation is much more shocking than the original.
The company has now made a statement three billion accounts were breached in the infamous hack of four years ago.
This means that all the three billion user accounts that existed during that time have been breached. It is one of the biggest hacks ever reported, and a very expensive one for the company.
The announcement comes amidst the unveiling of fresh information from an analysis performed by cybersecurity experts. This led to the identification of more user accounts that were subjected to the hack.
The company’s officials revealed in an update that they suspected all accounts to be affected.
However, the company did not provide any specific details regarding how the initial analysis managed to miss the latest information.
Data Involved in Hack
The information that could have been stolen in the hack would likely include usernames, email IDs, telephone numbers, passwords, date of birth, and other such account data.
However, according to investigators, it is not likely that the data breach included passwords on payment cards or bank account details.
The company further states that the hack would not have taken any details of credit card accounts.
Though the scope of the attack has now increased to cover all users, the company states that all the steps that were needed to protect users had already been taken as soon as the initial hack of one billion accounts was discovered.
The company had forced all users to change the passwords for their accounts after the 2013 hack. All the earlier security questions of users were invalidated as well.
Increased Legal Exposure
It actually doesn’t make much difference whether one billion or three billion accounts were hacked, as the percentage was already very high and Yahoo had supposedly taken all steps to protect users, by resetting passwords.
However, the real problem lies in the fact that this will increase the exposure to legalities that Yahoo parent company Verizon Communications might have to face.
It will likely result in an increased number of claims and lawsuits by the shareholders in the company, as well as by account owners.
The company has already been hit with several lawsuits due to the breaches. With this new disclosure that three billion accounts have been breached, the financial liabilities that Verizon will have to face might significantly increase as well.
Presently, Yahoo is facing 41 lawsuits by consumers in the United States courts, as of May this year. One of the representing lawyers has stated that more information is required before users’ claims can be settled.
The latest announcement revealing that three million accounts were involved in the hack will offer that much-needed information.
Verizon Affected
Yahoo is now part of the Oath division (part of an AOL merger), after being acquired by Verizon.
The Verizon offer was lowered by around $350 million after these cyber attacks.
However, the investigators had not discovered the total impact of the 2013 hack prior to Verizon closing its deal to acquire Yahoo.
This seems to be very surprising to security analysts. It should not have been too difficult for the company to find out that all the accounts were hacked.
Verizon has not made any comments regarding possible lawsuits, but it is undoubtedly going to become a major target for additional legal cases.
The latest explanations by security experts are that there are only two types of companies: ones that have been hacked and ones that are not aware that they have been hacked.
A Company Plagued by Hack Incidents
Another data breach took place in 2014, in which about 500 million accounts of Yahoo users had been compromised.
The company revealed the details in 2016 and claimed that some state-sponsored hackers were responsible.
The company also held the same attackers responsible for security breaches in 2015 and in 2016, and said that about 32 million accounts were hacked at that time.
Biggest Attack Ever
The 2013 attack on Yahoo was already the biggest in digital history, in terms of the sheer number of users who were affected.
The latest revelation that triples the earlier estimate will make the hack even more outstanding. The company has in effect only beaten its own record of attacks.