Last year, Yahoo revealed that some 1.5 billion accounts — representing about 1 billion users — had been compromised by a data breach going back years. Now that Yahoo’s new parent company Verizon has had a chance to investigate it turns out that the number of accounts compromised by the hack was… well, every single one of them.
Verizon disclosed the results of its internal investigation into the breach, which began in Aug. 2013, this afternoon in a filing [PDF] with the Securities and Exchange Commission.
According to the filing, Verizon now has reason to believe that the number of compromised accounts includes “all Yahoo user accounts.” That would put the total number of affected accounts at around 3 billion — about 40% of the world’s population.
Yahoo, which still exists but is part of Verizon’s new “Oath” media division, says it will blast out new email notifications to every account that was not part of the earlier group of compromised accounts.
Verizon says the thieves in this case did not include unencrypted passwords, or any bank/payment card data.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
When reached for comment by Consumerist, a rep for Oath referred us back to the statement included in the SEC filing.