Yahoo suffered one hell of a database breach in 2013. However, it was only recently that the scale of the breach has become known. As it turns out, every account that existed during the time of the breach was compromised:
Yahoo said a major security breach in 2013 compromised all three billion accounts the company maintained, a three-fold increase over the estimate it disclosed previously.
The revelation, contained in an updated page about the 2013 hack, is the result of new information and the forensic analysis of an unnamed security consultant. Previously, Yahoo officials said about one billion accounts were compromised. With Yahoo maintaining roughly three billion accounts at the time, the 2013 hack would be among the biggest ever reported.
“We recently obtained additional information and, after analyzing it with the assistance of outside forensic experts, we have identified additional user accounts that were affected,” Yahoo officials wrote in the update. “Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected.”
This should have been everybody’s assumption from the beginning. If an unauthorized individual had access to 1 billion accounts, it’s safe to say they had access to every account.