The number of Yahoo! accounts that were compromised in an August 2013 hack has risen from one billion to three billion—every account that existed at the time. The already staggering figure sent shockwaves through the tech industry when the company first announced the breach last December. The new announcement is alarming, if only because it’ll be hard to top.
In practical terms, it doesn’t matter whether one billion or three billion accounts were impacted by the breach. The company issued a total reset of every account password and a wipe of all security questions following the revelation in December. That said, the number is now considered the largest breach in history.
The Yahoo! breach gave hackers access to users’ names, email addresses, phone numbers, birthdays, hashed passwords, and a mix of encrypted and unencrypted security questions. The company states that more sensitive information, like credit card data, was not compromised in the attack.
Yahoo! took three years to realize it had even been hacked, and almost four years to complete its investigation. The 2013 breach was separate from another breach that occurred in 2014, which wasn’t disclosed until September 2016. That hack impacted 500 million accounts, and holds the record for the second-largest known breach in history.
Speaking to Wired, a former information security officer who worked at Yahoo! in the early 2000s shared his views on the matter. “They are as big as it gets,” said Jeremiah Grossman, chief of security at SentinelOne. “Maybe Google or maybe Facebook, but the next mega-breach is not going to be orders of magnitude bigger.”
Grossman said that the staggering figure shouldn’t be surprising, as there’s no reason why the hackers wouldn’t have been able to gleam information from every single account Yahoo! had in its databases, instead of just a third of them given their level of access.
The latest disclosure follows Yahoo!’s acquisition by Verizon and merger with AOL. According to Techcrunch, the two back-to-back revelations prompted Verizon to demand a price reduction during their acquisition of the tech giant.
The recent Equifax breach, which affected 145.5 million users, may ultimately have a larger impact on affected users due to the sensitivity of the data. Hackers got away with Social Security numbers and credit card details, in addition to other privileged information–but that isn’t much of a silver lining for Yahoo! users whose details are now floating freely on the darker parts of the Internet.
Featured image via Money CNN