Last December Yahoo said that more than 1 billion accounts were affected by the attack that happened in 2013, but now this number is tripled.
Yahoo, now part of Verizon, said that it will alert the users who were not previously notified of the attack. However, the stolen information does not include passwords in clear text, payment card data or bank account information.
“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,” Yahoo said on Tuesday.