The largest (known) data breach to date just got a lot larger. When Yahoo first informed the public of a large-scale data breach dating back to 2013 in December last year, the company had estimated the hack affected 1 billion user accounts. In a statement published on Tuesday however, Yahoo, now part of Oath, admitted that new findings suggest that all 3 billion user accounts that the company had at the time of the attack were apparently compromised. According to information provided by Yahoo, the stolen user information may have included names, email addresses, telephone number, dates of birth and security questions (including answers) as well as hashed (i.e. encrypted) passwords. Payment card data and bank account information was not affected by the security breach.
Data breaches like the one at Yahoo have become increasingly common over the past years and are often uncovered when the stolen data is offered for sale on the darknet. As our chart illustrates, many high-profile companies have been subject to hacker attacks recently and they probably won't be the last. Security experts strongly recommend not using the same password across several websites. Using different passwords significantly limits the potential damage an exposed password could entail.