NEW YORK — An epic and historic data breach at Yahoo in August 2013 affected every single customer account that existed at the time, Yahoo parent company Verizon said on Tuesday.
That’s three billion email, Tumblr, Fantasy and Flickr accounts — or three times as many as the company initially reported.
In December 2016, Yahoo disclosed that more than one billion of the approximately three billion accounts had likely been affected.
Names, email addresses and passwords, but not financial information, were breached, Yahoo said last year.
The new disclosure comes four months after Verizon acquired Yahoo’s core internet assets for $4.48 billion. Yahoo is part of Verizon’s digital media company, which is called Oath.
Verizon revised the number of breached accounts to three billion after receiving new information.
“The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Verizon said in a statement.
Verizon would not provide any information about who the outside forensics experts are.
Yahoo will send emails to the additional affected accounts. Following the hacking revelations last year, Yahoo required password changes and invalidated unencrypted security questions to protect user information.
Additional information regarding this issue is available on the Yahoo 2013 Account Security Update FAQs page, https://yahoo.com/security-update.
This post has been updated with content from the CNN Wire.