YAHOO HAS ADMITTED that its 2013 super-hack affected every single one of its three billion customers, triple its original one billion estimate.
Parent company Oath, which was taken over by US telco giant Verizon and plonked alongside AOL earlier this year, said that a new investigation had found that the extent of the problem was far deeper than the estimated one billion previously acknowledged publicly, following "assistance of outside forensic experts" and "new intelligence."
When the breach was uncovered in 2016, Yahoo took action to protect accounts in a barn-door-bolted-horse sort of way, including the deletion of unencrypted security questions, emails to all affected customers and making password changes obligatory.
Yahoo has emphasised that plaintext passwords, payment card data and back account information were not stolen.
"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, chief information security officer at Verizon.
"Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."
At the point of sale, the company valuation was $4.5bn - a huge drop in its original valuation caused as a direct result of the disclosure of two major hacks, the one in 2013, and a further one a year later.
Yahoo has remained behind the curve on security for some time, being one of the last webmail services to switch to an encrypted offering and as such, being hacked is a common complaint amongst users.
The company stressed that this is not a new security issue but rather a continuation of the existing one and that it is "continuing to work closely with law enforcement" which is cold comfort for anyone who still uses a ruddy Yahoo Mail account. Or a Sky or Virgin account, for that matter. µ
We'll soon have EUV to thank for smaller chips and better phones
Just two years after he co-founded the non-profit AI safety group
Firm claims devices will allow 'untethered VR from anywhere in the world'
The file-sharing web and desktop clients could have shared a little too much