The 2013 data breach at Yahoo, thought to affect 1 billion users, was much worse than originally thought. On Tuesday the web portal, now officially a subsidiary of Verizon, announced that the hack affected all of its 3 billion user accounts.
In the midst of Verizon’s Yahoo acquisition, which closed in June, the companies discovered the full scope of the data breach after an investigation by outside forensic experts. Names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers may all have been stolen, according to a Yahoo Q&A about the breach. Stolen data did not include passwords readable in clear text, credit card data, or bank account info.
When Yahoo first announced the data breach in December 2016, the 1 billion figure was already eye-popping enough to give Verizon pause about completing its acquisition of the beleaguered Web 1.0 giant. Now, though, Yahoo is firmly secured as one of the central brands of its content subsidiary, Oath, which exists to serve as many ads to as many eyeballs on the web as possible. So this L is now the responsibility of Verizon executives rather than Marissa Mayer, the former Yahoo CEO who was in charge when the breach occurred but left the company when the acquisition was completed.
The Yahoo announcement is the latest in a string of egregious lapses in security by the corporations we trust with our online data. The credit-reporting agency Equifax suffered a massive breach that may have compromised the personal data, including credit card numbers, of up to 145.5 million customers. CEO Richard Smith retired after the hack was disclosed. But Smith stands to earn at least $18.4 million in pension benefits from Equifax, and Mayer was awarded $23 million in severance payments (in addition to the $236 million in company stock she already possessed) when she got the boot from Yahoo. Whoever ends up losing out from these continued hacks, it certainly won’t be the executives who were at the helm when they occurred.