The 2013 cyberattack on Yahoo was bad enough at the time, with the company saying that one-third of its users were affected. The result, as with the mounting number of such incidents: a flurry of panicked users changing passwords, complaining to authorities and regulators or ditching the service altogether.
Today the company, now controlled by Verizon, admitted that the breach actually was three times as severe. Based on an investigation, it tripled the original estimate of affected user accounts to all 3 billion it had at the time, though it said many of the accounts were seldom if ever used, and bank account or payment card information or spelled-out passwords were not part of the breach.
After details of the hack came to light in December, Verizon lowered the price it was paying to acquire Yahoo assets by about $350 million, settling on an acquisition price of just under $4.5 billion.
Yahoo, which now does business under the new name Oath, says it will notify current users, whose point of contact with the onetime internet kingpin could have been subsidiaries like Tumblr, Flickr or its fantasy sports operations.
The revelation follows in an ignominious line of compromised-data events in 2017, the most notorious being the one involving Equifax, the credit agency whose core business is to be entrusted with customers’ personal financial information.