The Yahoo hack keeps getting worse and worse. Originally, the former Internet giant confessed a data breach of 200 million users but the number quickly ballooned to much greater figures. In December 2016, Yahoo admitted that 1 billion accounts got hacked since 2013 and everyone thought that would be the end of it.
Not so quick! Today there's a new confession from Yahoo that reveals all of the company's user accounts got hacked in 2013. Personal details of a whopping 3 billion accounts were compromised in August 2013.
"We recently obtained additional information and, after analyzing it with the assistance of outside forensic experts, we have identified additional user accounts that were affected," Yahoo officials wrote in the update. "Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected."
The stolen information includes user names, e-mail addresses, phone numbers, date of births, and encrypted or plain text security questions and answers. Yahoo claims they found no evidence the hackers got passwords, payment card date, or bank account information in clear text format.
However, that doesn't inspire a lot of confidence as Yahoo used MD5 hashing for the passwords, an algorithm that hasn't been considered safe for 20 years or so. The hack of Yahoo was already the biggest in history and it now got three times bigger.