Yahoo now believes all 3 billion of its accounts affected by 2013 breach


Yahoo’s massive data breach revealed last year affected all of its 3 billion accounts, the company announced on Tuesday, triple the number that it had said were impacted when it revealed the breach in December 2016.

After Yahoo was purchased by Verizon this year, it was rebranded as Oath. Oath announced that it would be notifying all of the additional users impacted by the breach.

"Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources," said Chandra McMahon, Verizon’s head of information security.

Verizon said the new figure was based on new information it had found since its purchase of Yahoo cleared.
 
Oath did not specify what information was at risk for the users it now believes were a part of the breach, but said that hackers did not steal passwords, credit card numbers or bank account information.

When Yahoo first announced the breach last year, it said that names, emails, addresses, dates of birth and phone numbers were among the stolen information.

Oath said on Tuesday that it was cooperating with law enforcement in its investigation of the breach.

The announcement came the same day that Equifax's former CEO testified before Congress about the credit reporting agency's own data breach that exposed sensitive information for about 145.5 million people. 
 
Sen. John Thune (R-S.D.), the chairman of the Senate Commerce Committee, said that he would be calling on Yahoo and Equifax executives to testify before the panel.
 
"After a breach, affected consumers expect organizations that failed to safeguard sensitive information to be forthcoming about potential risks and explain how they plan to meet their obligations to mitigate damage that may not be known for months or years," Thune said in a statement.
 
—Updated at 6:33 p.m.