Skip to main content

Yahoo’s 2013 data breach is worse than believed — 3 billion users were affected

In December 2016, Yahoo disclosed that its servers were hacked way back in 2013, compromising the sensitive personal data of around 1 billion users. On Tuesday, Yahoo’s new parent company, Verizon, confirmed that the initial estimate was a bit low — in fact, all Yahoo accounts were compromised in the 2013 hack. That’s 3 billion users, making it the largest data breach in history.

“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” reads a statement from Verizon subsidiary Oath.

Recommended Videos

If you ever had a Yahoo account prior to 2013, now would be a good time to resecure all of your existing online accounts — particularly any that may have had contact with your Yahoo account. The security precautions Yahoo took in the aftermath of the original hack might protect current Yahoo users.

“In 2016, Yahoo took action to protect all accounts, including directly notifying impacted users identified at the time, requiring password changes, and invalidating unencrypted security questions and answers so that they could not be used to access an account. Yahoo also notified users via a notice on its website,” Oath’s statement says.

The original breach shook confidence in Yahoo’s ability to protect its users personal information, not only because of the scope of the data breach but because of how long it took for Yahoo to disclose that its users’ information had been compromised.

As a reminder, the original data breach in 2013 potentially exposed names, email addresses, telephone numbers, dates of birth, hashed passwords, as well as security questions and answers. Naturally, such a glut of personal information could be used in a variety of ways, not least of which would be to access other online accounts.

Yahoo was quick to point out what information wasn’t compromised, however.

“The investigation indicates that the information that was stolen did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected,” the statement reads.

Even though payment data and bank account information wasn’t leaked, it could very well have been accessed with the treasure trove of personal information hackers successfully made off with. So it bears repeating, if you’ve ever had a Yahoo account, it’s time to change all your passwords. Again.

If you don’t already have one, now would be a good time to look into a password manager.

Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
This vaccine passport app data breach is a cautionary tale
Man frustrated at computer.

A security blunder by proof-of-vaccination app Portpass provides a reminder that third-party apps may not protect your privacy and security. According to CBC News, Portpass exposed potentially hundreds of thousands of users’ personal information on its unsecured website.

After receiving a tip that the user profiles on the app’s website were accessible by members of the public, CBC verified the claim. While on the website, CBC was able to see users’ personal information, email addresses, blood types, birthdays, phone numbers, and photo identification, including driver’s licenses and passports.

Read more
T-Mobile confirms hack, investigates whether customer data was stolen
A T-Mobile store.

T-Mobile has confirmed that its computer systems were accessed without permission and says it's now conducting an investigation to determine the full extent of the hack.

The announcement follows claims on Sunday, August 15, that a hacker was in possession of data belonging to 100 million T-Mobile customers and was trying to sell it via an underground forum.

Read more
T-Mobile investigating claims of massive hack involving customer data
T-Mobile storefront with corporate signage.

T-Mobile says it’s investigating claims of a major data breach that may affect as many as 100 million of its customers.

A message spotted on an underground forum on Sunday, August 15, came from someone claiming to be in possession of personal data belonging to 100 million people. The message made no mention of T-Mobile, but when the poster was contacted by news site Motherboard, it became apparent that the mobile company's customers were at the center of the alleged hack. The figure of 100 million would be remarkable as it's almost equal to T-Mobile's entire customer base.

Read more