When Yahoo disclosed in December that a billion (yes, billion) of its users' accounts had been compromised in an August 2013 breach, it came as a staggering revelation. Now, 10 months later, the company would like to make a correction: That incident actually exposed three billion accounts—every Yahoo account that existed at the time.
On the one hand, this new information doesn't really change things in a practical sense, because the initial billion account estimate was already enormous—you could safely assume you were impacted—and Yahoo took protective steps for all users in December, like resetting passwords and unencrypted security questions. On the other hand, three billion accounts.
"They are as big as it gets," says Jeremiah Grossman, who worked as an information security officer at Yahoo for two years in the early 2000s and is now the chief of security strategy at SentinelOne. "Maybe Google or maybe Facebook, but the next mega-breach is not going to be orders of magnitude bigger.""