Revealing last year that its one billion user accounts were affected by a data breach in 2013, Yahoo has now announced that all of its users -- nearly 3 billion at that time -- were impacted by the massive data breach.
Yahoo, now part of Oath -- a subsidiary of Verizon -- said late on Monday that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2016.
At that time, Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected.
"Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft," Yahoo said in a statement.
Yahoo is now sending email notifications to the additional affected user accounts.
"The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement," the statement further said.
Yahoo was acquired by Verizon for $4.48 billion.
"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, Chief Information Security Officer, Verizon.
"Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources," McMohan added.
Last yeat, Yahoo disclosed a new security breach that may have affected more than one billion user accounts.
"For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers," said Bob Lord, Chief Information Security Officer, Yahoo.