Skip to main content

It turns out every Yahoo account was hit by the data breach a few years ago

The company now says hackers hit all 3 billion accounts, not 1 billion

A 2013 security breach at Yahoo affected three times as many accounts as the company first thought, a new announcement says. 

Yahoo was acquired this summer by Verizon, which said Tuesday the data theft affected not just one billion accounts, as Yahoo reported last year, but "all three billion accounts." 

Verizon had investigators look back at the data breach as part of its integration with Yahoo. 

They say the hackers did not steal any bank account or payment card numbers. What they did steal were names, email addresses, telephone numbers, birth dates, hashed passwords, and security questions.

Last year Yahoo made the one billion account holders they knew were affected change their passwords and their security questions.

Now they'll send emails to another two billion people advising them to do that, too. 

Beware of phishing scams 

As Yahoo prepares to send out a couple billion emails, you can bet that scammers will be reaching out, too. 

On a web page answering FAQs about the security breach, Yahoo says its emails will not include any links or attachments. 

So if you get an email about your Yahoo account asking you to click on a link or open an attachment, you can be sure that's a phishing scam. 

Besides changing their passwords and security questions, Yahoo also suggests people consider using a two-step verification. That's where they send a code to your phone for you to enter before you can open your account. 

Yahoo now part of Oath

Verizon paid $4.5 billion for Yahoo, although the BBC says the purchase price came down a few hundred million after Yahoo discovered it had been hacked in 2013 and also 2014

Verizon is combining Yahoo and other brands including AOL into a new company called Oath. 

Even though Yahoo is getting absorbed, it's apparently still getting investigated, too. The Wall Street Journal reports the Securities and Exchange Commission is looking at why it took the company so long to report the data breaches and whether they broke any laws by delaying. 

Next Up


Charges: Teen speeding before crash that killed mother, injured her son

The teenager was driving at speeds between 72-89 mph at the time of the crash.

Northland Vapor in Moorhead, Minn.

Northland Vapor calls St. Paul regulators 'overzealous' in lawsuit over THC sales

The small Minnesota business said the lawsuit was "misleading" and "shameful."


Excelsior chocolate shop ransacked by thieves to reopen

Truffle Hill will reopen to the public on Friday.

Company agrees to changes after child workers found in MN meat plants

An investigation found children ages 13-17 working hazardous jobs at the plants.


Drinks can company to lay off almost 100 workers, close St. Paul plant

State authorities were informed of the impending closure.


Suspect in Minneapolis bar killing charged with weapons crime

The suspect has not been charged with murder in the case as of Wednesday.

snow, blowing snow

A monster storm is coming next week: What will happen?

What we know with high confidence at this point is that there will be a monster storm in the central U.S. by the early and middle part of next week.

police lights

Boy safe after kidnapping by non-custodial parent in Mankato

The search prompted the temporary shutdown of I-35 Tuesday night.


11 face charges after being found 'exploring' Fridley sewer system

A 911 caller reported seeing a group removing a manhole cover Monday night.


The Equifax breach may've hit another 2.5 million people

The total number possibly affected is now over 145 million.

Data breach at DoorDash compromises nearly 5 million accounts

The food delivery service says some users should reset their passwords.

Franken to Yahoo: Why did it take 2 years to discover data breach?

Minnesota U.S. Senator and Congress' resident data protector Al Franken has turned his ire on Yahoo! after a huge data breach.

Payment information accessed in Delta data breach

Delta says a 3rd party company was breached in the fall.