By now I'm sure that you have heard of the massive data breach at Yahoo. The breach happened back in 2014 but we didn't find out about it until recently. Information that may have been stolen includes email addresses, names, telephone numbers, hashed passwords, birthdays and even encrypted or unencrypted security questions and answers.
When the breach was finally reported, Yahoo confirmed that at least 500 million of its users were affected. But is that number accurate? A former Yahoo insider says that number could be more than double!
An anonymous former executive with Yahoo told Business Insider that the data breach could have actually affected up to 3 billion accounts. The exec said that Yahoo's back-end system is organized in such a way that the number of compromised accounts could be much larger than reported. The number could actually be between 1 billion and 3 billion.
What makes the number of potentially affected accounts so high is Yahoo's use of one main user database (UDB) for authentication. When a customer accesses any Yahoo account like email, finance or fantasy sports, all of their usernames and passwords are verified through the UDB.
The former exec says the UDB is massive. When the hack took place in 2014, there were an estimated 700 million to 1 billion monthly active users of Yahoo products. There were also many inactive accounts that were not deleted. Currently, Yahoo has over 1 billion monthly active users globally.
Yahoo has not said how the breach happened, or when it was discovered for that matter. It is under investigation.