The biggest data breach ever actually affected three times more people than we first thought.
Yep, we’re talking about the Yahoo hack from 2013, which—as we now know—reached all 3 billion users at the time, according to Verizon, the company that acquired Yahoo earlier this year.
The disclosure comes from a spokesperson at the newly formed Verizon unit Oath, citing “new information from outside the company” they received last week. Verizon did not say where the information came from and is not able to identify the person responsible for the 2013 hack. The U.S. government previously accused Russia of hacking 500 million users in a separate 2014 attack.
As the Wall Street Journal points out, around 43 class-action lawsuits have been filed against the former icon, and the U.S. Securities and Exchange Commission is investigating to see if Yahoo should have disclosed information sooner.
The information stolen included usernames, passwords, and some phone numbers and date of births, an Oath spokesperson told the Journal. Over the next few days, Oath will notify via email the additional 2 billion users who were affected.
You won’t need to change your password again because Yahoo already forced everyone with an account to change theirs after it disclosed the 2013 attack in 2016. However, you could do yourself a favor and ditch Yahoo altogether.