Yahoo finally came clean Tuesday and admitted that the number of accounts impacted by a massive security breach in 2013 was three times larger than it had originally announced — meaning all accounts were affected.
Roughly 3 billion accounts were breached, the company now says, up from its earlier estimate of more than 1 billion.
The company has yet to disclose the cause of the breach.
Consumer advocates correctly said it was inexcusable that the information was just being released now.
“It was outrageous that it took (Yahoo) three years on the first announcement, and now it’s unbelievable that a year later that they are saying, ‘Oops, it was three times what we thought,’” said John Simpson of privacy advocate group Consumer Watchdog. “These guys shouldn’t be in the Internet business.”