When Yahoo announced the news of a security breach with their organization four years ago, it created a storm of controversy.
Known for their popular mail client as well as their search engine, the company announced that as many as a billion users may have been affected by the breach.
But now it seems the attack may have been much worse than originally thought. The number of affected individuals is now believed to be 3 million based on new information. Not only is this figure triple the original estimate, but it also encompasses Yahoo’s entire userbase.
Things have changed since 2013. Yahoo is now owned by a Verizon subsidiary named Oath. It was their resources and oversight that helped shed new light on the infamous breach, drawing more concerns from users about data security as well as the timelines regarding when the full impact of these issues are found.
The findings were added to the company’s Account Security Update page, and the implications are highly concerning. Verizon received a $350 million discount for acquiring Yahoo due to concerns about the initial breach. With more data now available revealing the true reach of the attack, Chief Information Security officer Chandra McMahon released a statement.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats.”
Cyber criminals have been getting craftier in recent years. Not only are online transactions becoming more common, users are storing more information digitally than ever before. This includes on the cloud, making breaches a goldmine for data thieves compared to years prior.
Equifax recently suffered a major attack, with the personal data of 143 million people being compromised due to a security vulnerability.
Verizon officials have noted their investment into Yahoo will provide the popular company with more resources to improve their security. The affected users may have had name, birthdays, passwords, and telephone numbers compromised. Even security questions and answers may have been obtained by data thieves.
Experts do not believe that payment data such as bank account numbers were compromised. The reason for this is that such data was not stored on the same system the company says was impacted by the attack.
Yahoo has provided guidelines to help users protect themselves. This includes changing passwords and security questions. Users should also change information on other accounts if it was the same on their Yahoo profile.
One concerning fact in the aftermath is that data thieves can also capitalize on the post-attack security craze. With users looking to protect themselves, cyber criminals often send attacks via email while disguising these efforts as notices from Yahoo or Verizon.
Anxious users may quickly click the email in hopes of finding a solution, only to fall victim to another attack. Officials are still investigating the new details of the hack, and working on ways to prevent similar instances from happening in the future.