Late last year, Yahoo revealed it had been the subject of a massive data breach, possibly affecting 1 billion users that was separate from another hack that affected 500 million users in 2014. These had significantly impacted the company's standing and even allowed Verizon to negotiate a large discount in its purchase of the company. However, it seems the problem was understated at the time.
The hack in question, which was purportedly state-sponsored and conducted in 2013, was already considered the largest data breach of its kind, but an update by the company now suggests the number of affected users may have been thrice as much as previously thought, affecting all of the 3 billion users Yahoo had at the time. The company issued the following statement to reflect this new development:
"Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected.
It is important to note that, in connection with Yahoo's December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so."
The update was the product of an internal investigation of Yahoo in order to allow Verizon to integrate the company with AOL, which brought to light this new intelligence. The company also confirmed that the exposed information did not include "passwords in clear text, payment card data, or bank account information", which should be a relief to anyone who used Yahoo's services at the time.