View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 4, 2017

Yahoo hack revelation: ALL accounts affected in 2013 breach

First the world was shocked when Yahoo revealed that the 2013 breach had affected 500 million, then a confession of one billion emerged, are you surprised to find that all accounts were involved?

By Tom Ball

An investigation has revealed the true extent of the notorious 2013 breach that hit Yahoo, finding that in fact every one of the three billion accounts were impacted.

The users of these accounts are in the process of being notified, but it has been stated that payment card and bank account details were not included, and passwords were not clearly visible.

Verizon has purchased Yahoo since the slew of reputation destroying data breaches, and new insight was made into the hacks of 2013 and onwards. Oath is the new brand formed by Verizon’s acquisitions of both Yahoo and AOL.

Initially it was announced that an already shocking 500 million accounts had been affected, before a figure of one billion was owned up to. The unveiling of the truth that all three billion user accounts were hit exceeds expectations.

Yahoo hack revelation: ALL accounts affected in 2013 breachSam Curry, CSO at Cybereason, commented on the situation, he said: “The raw number of compromised accounts increase verges on the ridiculous and loses meaning as we get numbers normally only seen in astronomy. 3 billion, 2 billion, 1 billion… how does this have personal meaning when it means half the population of the world? The biggest issue is that this is another blow to our collective privacy: the cost to gain information on anyone plummeted and should be at the forefront of the debate.”

Despite the announcement the critical banking and password information was not involved, the all-encompassing breach did release addresses, phone numbers and names.

Oath, now in charge of the situation, said in a statement regarding the revelation: “Yahoo, now part of Oath, today announced that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2016. At that time, Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected. In 2016, Yahoo took action to protect all accounts, including directly notifying impacted users identified at the time, requiring password changes and invalidating unencrypted security questions and answers so that they could not be used to access an account.”

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
NCSC bombarded by cyberattack reports in first year of operation
Mastercard predicts the future with pre-emptive cybersecurity defence
Amazon owned Whole Foods investigates card data breach

This news that in fact all of the Yahoo accounts were affected in the 2013 hacks marks an end to a grim saga that will become a landmark in cybersecurity history, and an example of how not to handle cyber incidents.

Chandra McMahon, Chief Information Security Officer, Verizon, said: “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats… Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”

Topics in this article : , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.