Three billion Yahoo accounts — including email, Tumblr, Fantasy, and Flickr — or three times as many as the company initially reported in 2016 were hacked.
Names, email addresses, and passwords, but not financial information, were breached, Yahoo said last year
The new disclosure comes four months after Verizon (VZ, Tech30) acquired Yahoo’s core internet assets for $4.48 billion. Yahoo is part of Verizon’s digital media company, which is called Oath.
Verizon revised the number of breached accounts to three billion after receiving new information.
“The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Verizon said in a statement.
Verizon would not provide any information about who the outside forensics experts are.
Yahoo will send emails to the additional affected accounts. Following the hacking revelations last year, Yahoo required password changes and invalidated unencrypted security questions to protect user information.
According to experts, it’s not uncommon for forensic investigations to expose a greater number of victims than initial estimates.
Once the proposed $4.8 billion sale to Verizon is completed, CEO Marissa Mayer announced she would resign from the company’s board and the company could even get a new name.
After the Verizon deal closes the company would be renamed Altaba
Yahoo admitted that back in 2014 there was a theft of 500 million accounts. However, Verizon who recently acquired Yahoo in July for $4.83 billion has not finalized the acquisition and says this is news to them, they’re just learning about this.
The hacking of yahoo account certainly comes at a bad time when Yahoo is in the process of selling its company to the mega giant Verizon. The hack, became known in August when an infamous cybercriminal named “Peace” said on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses.
The notorious black hat says he has more than 200 million hacked Yahoo accounts for sale on the dark Web. Yahoo is refusing to comment on its veracity. Yahoo accounts are primarily used to log into the company’s webmail service, but also for other sites like Flickr. It is uncertain at this point whether Yahoo has itself been breached, but the account data has been publicly available on a Tor-accessible marketplace called The Real Deal since Monday, and is apparently being sold by a hacker known as Peace, who has previously been linked to large-scale sales of MySpace and LinkedIn account details in 2012.
The entire dump, which apparently contains usernames, hashed passwords created with the md5 algorithm, dates of birth, and occasional backup email addresses, can be bought for three bitcoins (roughly £1,360 or $1,813).
Yahoo recommends creating stronger passwords