Back in 2013, Yahoo's database was breached by hackers and it wasn't discovered or reported until 2016. When that reporting happened last year, Yahoo thought that detials on 1 billion of its user accounts had been stolen. As it turns out, things are much worse than Yahoo (now owned by Verizon and part of Oath) originally thought.
Yahoo reports that after its acquisition by Verizon and during the integration of the two companies, new intelligence on the breach was found and that it now believes all 3 billion accounts existing in 2013 were stolen in the hack. Yahoo reminds users that this isn't a new security breach and notes that it will be sending out emails to all additional users affected. Last year the 1 billion users thought to have been in the breach were sent emails that forced them to change passwords and security questions.
Yahoo is noting that the investigation indicates that user account details stolen in the breach didn't include passwords in clear text, payment card, or bank account information. Yahoo and Oath are still working with law enforcement on the breach.
"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, Chief Information Security Officer, Verizon. "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."
The massive breach was a very big deal for Yahoo and when Verizon was buying the company Yahoo did have to take a gigantic $350 million discount specifically for the data breaches it has suffered. Verizon ended up paying $4.48 billion for Yahoo in cash.
Yahoo's CEO Marissa Mayer took some significant heat after the security breach was discovered. As a result of those breaches she had to give up her $12 million annual bonus and her equity grant because of the breaches. Many of the account details stolen in the Yahoo hack were associated with government accounts.