All 3 billion Yahoo accounts hacked in 2013

Verizon Communications, which acquired Yahoo this year, said on Tuesday that a previously disclosed attack that had occurred in 2013 affected all three billion of Yahoo’s user accounts, as the Wall Street Journal is reporting.

Last year, Yahoo said the 2013 attack on its network had affected one billion accounts. Three months before that, the company also disclosed a separate attack, which had occurred in 2014, that had affected 500 million accounts.

This revelation comes via a spokesman for the newly created Verizon unit Oath, under which the Yahoo and AOL brands now fall. Per the Journal, the spokesman ominously cited "new information from outside the company" that they received last week, declining to clarify further where the new information came from revealing the greater extent of the breach. 

Digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack.

Yahoo has never said that they identified the source of the hack — they did point to a "state sponsored actor" when first revealing a smaller hack of 500 million accounts believed to have happened in 2014, a year ago last month. However as Bloomberg reminds us, the original hack was discovered by internet security expert Andrew Komarov, who had allegedly observed Yahoo's dataset being sold on the dark web three times, including once to a probable intelligence source that listed out "10 names of U.S. and foreign government officials and business executives to verify that their logins were part of the database."
In terms of number of users, the Yahoo breach was already the largest in history, and now it's likely to hold on to that title even longer.