On Tuesday, it was announced by Yahoo, now owned by Verizon (NYSE:$VZ), that the 2013 data theft affected 3 billion users. This is an increase of 3x the previous estimate of affected users. A nationwide lawsuit was already in place before the announcement. Yahoo clarified that they now believed all user accounts had been affected, citing ‘recently obtained new intelligence’.
Yahoo had previously stated in December that 1 billion user accounts were compromised by the 2013 attack. The cyber-attack is also thought to be the reasons that Yahoo was forced to cut the price of its assets during its sale to current owner Verizon Communications.
In February, following news of the attack, Verizon cut its original offer by $350 million for the internet company’s assets, eventually paying $4.48 billion for Yahoo’s core business after many related delays.
It was determined by Judge Lucy Koh in August that Yahoo would not be immune to nationwide litigation from the 1 billion users whose personal information was stolen during the attacks.
John Yanchunis, a lawyer in Yahoo’s employ, said, “Judge Koh had asked us to provide additional facts to support what we knew about the 2013 breach. I think we have those facts now”.
Yahoo stated that the number may have been inflated by accounts that were opened, but never, or only briefly, used. They also stated they would be notifying affected users through email.
The new numbers are thought to have originated with an investigation that was overseen by Yahoo, Verizon, law enforcement, and cybersecurity firms over the past months.
David Kennedy, chief executive of cybersecurity firm TrustedSEC LLC pointed out how hard it was for companies to get ahead of attacks, even when they have foreknowledge of them. He stated that companies are not equipped to store up all network activity that could be used to trace the breach.
“This is a real wake up call. In most guesses, it is just guessing what they had access to,” said Kennedy.
Featured Image: money.cnn