Last year, Yahoo revealed it’d suffered a massive data breach in 2013. It copped to a billion people affected by the breach. Today, the company has admitted that the number was actually 3 billion — a.k.a all of Yahoo’s accounts at the time.
According to a statement from Oath (the Verizon subsidiary into which Yahoo was folded):
Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.
This means, if you had a Yahoo account in 2013, you were affected by the breach. Yahoo has emailed all users who thought they were safe at the time to inform them that, you know, it’s actually kind of a funny story…
Yahoo says that the information breached didn’t include passwords or bank information, and that they are working with law enforcement. Still, if for whatever reason you didn’t change your password at the time, doing so is probably a good idea now.
Oath did not give further comment.