Last year, Yahoo revealed that some 1.5 billion accounts — representing about 1 billion users — had been compromised by a data breach going back years. Now that Yahoo’s new parent company Verizon has had a chance to investigate it turns out that the number of accounts compromised by the hack was… well, every single one of them.
Verizon disclosed the results of its internal investigation into the breach, which began in Aug. 2013, this afternoon in a filing [PDF] with the Securities and Exchange Commission.
According to the filing, Verizon now has reason to believe that the number of compromised accounts was approximately three billion, meaning “all Yahoo user accounts were affected by the August 2013 theft.”
Yahoo, which still exists but is part of Verizon’s new “Oath” media division, says it will blast out new email notifications to every account that was not part of the earlier group of compromised accounts.
Verizon says the thieves in this case did not include unencrypted passwords, or any bank/payment card data.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
We’ve also reached out to Oath to see if there is any additional comment. We’ll update if we hear back.
Aucun commentaire:
Enregistrer un commentaire