Yahoo which was taken over by Verizon earlier this year, said an investigation had shown the breach went much further than originally thought. Previously the internet giant had said “more than one billion” of its accounts had been hit.
The company said
Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts.
The stolen data however indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.
Yahoo said that while its latest announcement did not represent a new “security issue” it was sending emails to all the “additional affected user accounts”.
The company added that it was “continuing to work closely with law enforcement”
In Tuesday’s statement Verizon’s chief information security officer Chandra McMahon said: “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats.”
“Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”