Yahoo just announced that 3 billion users' accounts have been compromised, 3 times more than originally thought. This appears to be a fairly major under estimate, and once again makes the Yahoo breach the largest ever. Does this change anything for people impacted by the breach? Probably not since the damage has already been done, however once again it is a wakeup call to the dangers of breaches and a reminder that there is a long way to go in the fight against cyber criminals.
When Yahoo disclosed in December that a billion (yes, billion) of its users' accounts had been compromised in an August 2013 breach, it came as a staggering revelation. Now, 10 months later, the company would like to make a correction: That incident actually exposed three billion accounts—every Yahoo account that existed at the time. On the one hand, this new information doesn't really change things in a practical sense, because the initial billion account estimate was already enormous—you could safely assume you were impacted—and Yahoo took protective steps for all users in December, like resetting passwords and unencrypted security questions. On the other hand, three billion accounts.