3B Accounts Hit in 2013 Security Breach, Yahoo Now Admits

Yahoo has set a new world record.

The Internet company, in a statement this week, said the 2013 cyber-attack of its systems resulted in the breach of every single user account it had at that time: three billion, to be exact. That is far more than the one billion accounts it originally estimated when the company broke the news last year. 

Yahoo, which was purchased by Verizon this summer, was quick to point out the matter “is not a new security issue,” but said it is sending e-mail notifications to the additional affected user accounts.

“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” Verizon chief information security officers Chandra McMahon said. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”

The stolen user account information from the breach is thought to have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.

Yahoo’s investigation into the incident, with the assistance of outside forensic experts, has revealed that passwords in clear text, payment card data and bank account information were not accessed by the hackers. Yahoo said payment card data and bank account information are stored on a system separate from the one that was targeted by hackers.

Yahoo, which became part of Oath along with AOL after the Verizon purchase, has yet to reveal the group behind the security breach, although the company has said the attack is believed to be state-sponsored.

Verizon closed its $4.48-billion all-cash purchase of Yahoo’s Internet division back in June. The sale ended up being $350 million less than the $4.83-billion Yahoo was originally seeking, however, due to both the 2013 security breach and a 2014 attack that hit more than 500 million accounts.

Anyone seeking information on how their Yahoo account may be impacted can find answers via a security FAQ provided by Yahoo.

About the author


Jennifer Cowan

Jennifer Cowan is the Managing Editor for SiteProNews.

1 Comment

Click here to post a comment
  • Each time I read something about this databreach, it gets worse and worse – I wonder if Verizon is feeling some “buyer’s regret”, right now.