Yahoo says the the security breach that affected the company earlier in 2017 was three times worse than previously thought.
A probe has shown that all of its three billion user accounts were impacted in the attack which dated back to 2013. This included accounts that were opened and only briefly used.
It had originally said that only one billion of its accounts had been affected and had contacted those who had been additionally affected.
Data that had been stolen did not include bank details, passwords in text or card data and that it was "continuing to work closely with law enforcement".
Yahoo also said it had invalidated unencrypted security questions and answers.
Yahoo was taken over by US telecoms firm Verizon in June for $4.8bn which has combined with its AOL subsidiary into a new business called Oath.
Verizon has combined its AOL subsidiary and Yahoo into a new business called Oath.
Verizon's chief information security officer Chandra McMahon said in a statement: "Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats."
"Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."
The revelation of the extent of the Yahoo breach came on the same day that the ex-head of credit agency Equifax was grilled in Congress over a breach in its systems of data of over 145 million people.