After confirming a massive cyber attack last December that implicated 1 billion accounts, Yahoo parent company Oath announced today that after further investigation, all 3 billion user accounts that existed in August 2013 were affected by the massive data breach.
Oath has said that the stolen data did not include sensitive items such as passwords, payment card, or bank information. However, those affected may have had their names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers, stolen.
Actions currently being taken by Yahoo include sending email notifications to the additional affected user accounts, requiring them to rest their passwords, and invalidating unencrypted security questions and answers, as well as actively working with law enforcement.