2016 revealed one of the biggest data hacks in history when a reported one billion Yahoo user accounts were found to have been hacked, with login information stolen.
As if that wasn’t bad enough, it has now been revealed that the epic data breach affected all Yahoo users, tripling the initial number of accounts thought to be affected.
The three billion accounts breached is a number equivalent to almost half of the world’s entire population. Accounts for Yahoo-acquired social media platforms Tumblr, Fantasy and Flickr have also reportedly been compromised in the breach.
Revealing the new intelligence
Verizon, owners of Yahoo since July of 2016, were introduced to new information which forced them to review the investigations into the breach. It was then that they discovered the massively elevated number of accounts that were actually breached.
“The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” read a Verizon company statement.
How was the discovery made?
There are varying speculations as to how the new information came to light. Some sources believe that Verizon’s $4.8 billion acquisition of Yahoo may have unearthed the extra two billion compromised accounts. Other sources suggest criminals may have misused stolen information or tried to sell information not originally thought to have been compromised.
Yahoo are reportedly going to send users an email notification about the breach. However, the massive delay could mean that countless users may have already experienced attacks from cybercriminals who have stolen their login details.
When the breach was discovered in 2016, Yahoo asked every user to change their username and password details before they could continue using their services. However, many account holders no longer use Yahoo and so their password details will not have changed.
Experts “not surprised”
Experts are reportedly not surprised by the new revelations. “This often happens with breaches, on a much smaller scale,” said Wesley McGrew, a security expert at Horne Cyber. “Initially, the investigation establishes a set of compromised systems and data that encompasses a set of users, then later something is discovered that expands the compromised systems [or] access.”
The Information Commissioner’s Office also released a statement in response to the news, condemning Yahoo for its lack of responsibility over protecting users’ information: “It is very disappointing to see the company is apparently still uncovering additional problems despite the length of time since the breach occurred,” said U.K. Information Commissioner Elizabeth Denham. The ICO will continue to investigate the mammoth data breach and work with Yahoo to work out the best way to mitigate damage.
Change your login credentials!
The ICO is urging everyone who has a Yahoo account or any account owned by Yahoo (Tumblr, Flickr, etc.) to change their login details. Even those who no longer use their accounts are urged to do the same before deleting their accounts, as cybercriminals may be able to obtain clues to guess the individual’s login details for other online accounts.
Chief Technology Officer for Obsidian Security, Ben Johnson, warns that the problem with data breaches will only get worse. He notes that Yahoo might not ever find out exactly what was accessed and what information has been stolen. Countless users are therefore left to fend for themselves as cybercriminals perhaps sell or use their private information for malicious purposes.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.