Yahoo breach larger than originally thought

The one billion users originally thought to be affected were already notified by email and Oath said the other users affected by the Yahoo data breach have also been notified by email.

Yahoo, which was purchased by telecommunications giant Verizon in June and is now part of Verizon subsidiary Oath, said in a statement that all Yahoo user accounts were affected in the August 2013 data theft. Chandra McMahon, chief information security officer of Verizon, said the telecoms company's investment in Yahoo was allowing the team to take "significant steps to enhance their security, as well as benefit from Verizon's experience and resources".

Yahoo revealed that all three billion of its accounts were hacked-here's what you can do about it.

The company said it was sending email notifications to additional affected user accounts.

It added that the hack "did not include passwords in clear text, payment card data, or bank account information".

To protect themselves, Yahoo account users should change their passwords and security questions and consider using the password-free authentication tool Yahoo Account Key, the company said.

Enable two-step verification. On sites such as Yahoo, two-step verification is one of the best forms of account security available. Yahoo was acquired by Verizon Communications four months ago.

The closing of the deal, which was first announced in July, had been delayed as the companies assessed the fallout from two data breaches that Yahoo disclosed past year. In September 2016, Yahoo disclosed that 500 million of its accounts had been affected in a similar 2014 hacking scandal. "We see this in almost every major data breach".

"Frankly, I don't know how Yahoo got away with this", Kaplan told The New York Times yesterday.