The 2013 Yahoo hack was three times bigger than originally thought, investigation reveals!

Yahoo has tripled down on what was already the largest data breach in history, saying it affected all three billion accounts on its service, not the one billion it revealed late last year.

The company announced Tuesday that it has sent emails providing notice to additional user accounts affected by the August 2013 data theft.

The breach now affects a number that represents nearly "half the world," said Sam Curry, chief security officer for Boston-based firm Cybereason, though there's likely to be more accounts than actual users.

If you had a Yahoo account in 2013, your username and password were stolen. Period.

The breach now affects a number that represents nearly "half the world," said Sam Curry, chief security officer for Boston-based firm Cybereason, though there's likely to be more accounts than actual users.

GDPR
GDPR is coming fast! Make sure your organisation is prepared and compliant with the CDPO training and certification.
Find out more

What you can (and can't) do

If you hadn't already changed your Yahoo password (or deleted your Yahoo account) when the 1-billion-user breach was disclosed a year ago (or when the different, 500-million-user breach from 2014 was disclosed a couple of months before that), then now is the time to do so. Don't forget to change that password anywhere else you used it as well.

Other than changing passwords (and we recommend a good password manager to keep them all strong, secure and unique), you should make sure to unlink your mobile devices from your Yahoo accounts and then relink them using new passwords. Also, turn on two-factor authentication on Yahoo and on any other online service that allows it, such as Google, Facebook, Microsoft, Apple and Dropbox.

Leave a Reply