All of Yahoo's 3 billion user accounts in 2013 were affected by its massive data breach — not the 1 billion accounts that were initially reported, the company said Tuesday.
The revised number vastly expands the scope of the historic hack, which had previously broken records as the world's largest data breach. The updated figure comes as the public is still reeling from back-to-back reports of data breaches at Equifax and the fast-food chain Sonic.
News of the 2013 Yahoo breach broke last summer as it was being acquired by Verizon. The disclosure, coming just weeks after Yahoo admitted to a 2014 data breach affecting half a billion accounts, raised major questions about whether Verizon should go through with the deal. The uncertainty delayed closing by several months. But now, Yahoo is pointing to "new intelligence" that persuaded it that the scope of the 2013 breach was far more significant than previously thought.
“All Yahoo user accounts were affected by the August 2013 theft,” Yahoo said in a statement. “While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts.”
Yahoo added that no credit card information or unencrypted passwords associated with the additional affected accounts appear to have been stolen. The revised number of accounts includes those that may not have been “active” users at the time, meaning account holders who do not regularly log in, according to a person familiar with the matter, who spoke on the condition of anonymity to discuss the investigation.
Yahoo's latest admission comes at an uncomfortable time for technology firms as Washington grapples with the industry's enormous role in consumers' lives. That concern has extended to the political realm, with Facebook on Monday handing over to Congress thousands of online advertisements that are said to be linked to a Russian effort to influence the 2016 presidential election. Some conservatives, meanwhile, have called for companies such as Facebook and Google to be regulated like public utilities, in an effort to prevent right-wing speech from being marginalized.
Now Yahoo could find itself in the spotlight once again as policymakers debate how to handle a data-driven industry that faces such difficulty retaining control of its most valuable — and sensitive — assets.