Affiliate links on Android Authority may earn us a commission.Learn more.
Yahoo now says all 3 billion of its accounts were impacted in 2013 hack
August 21, 2025
It’s much worse than we thought. We already knew that1 billion Yahoo accounts were impacted by a 2013 hack, but new evidence places that number is much, much higher.Yahoois now sending out a notice thatall 3 billion of its accountswere impacted by the breach.
Yahoo is nowa part of Oathafter it waspurchased by Verizon for 4.5 billion dollarsand merged with AOL. During that integration process, new evidence was discovered by forensic experts. It indicated that every account was impacted in the August 2013 hack, not just the 1 billion Yahoo had previously disclosed. That’s every single account whether it was used for email access,Flickr,Fantasy Football, or something else.
Verizonis in full damage control mode now. In a statement released to the media, Chief Information Security Officer Chandra McMahon had this to say:
Verizon and Yahoo have also made it clear that no clear-text passwords, credit card data, or bank account information has been stolen. For affected accounts, Yahoo previously said that “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers” may all be included in the stolen data.
When the hack was announced in 2016, Yahoo invalidated all forged cookies and unencrypted security questions and answers. It also triggered password resets for those affected accounts and for accounts that hadn’t changed passwords in a while. Yahoo has now provided some simple steps for users to protect themselves in the wake of this breach:
If you do decide to stick with Yahoo, it also recommends that you useYahoo Account Keyto forgo the password process entirely.
Between the hacks of Equifax, Yahoo, Target, and Home Depot, it seems like everyone’s data is up for grabs at the moment. We strongly suggest using complex passwords or using a password manager likeLastPass, Enpass, or 1Password. It won’t keep you completely safe, but it will help secure your accounts.
Also, keep an eye on your credit report too. While no social security numbers or financial information may have been breached in the Yahoo attack, the same can’t be said forthe Equifax hack. You can downloadCredit Karmafor free to watch out for suspicious activity or pull your free credit report fromAnnual Credit Report. Beyond that, you can place a fraud alert on your credit file or completely freeze your credit. You’ll have to contact each agency individually to go through that process.
Thank you for being part of our community. Read ourComment Policybefore posting.
