Having finally completed its acquisition Verizon has been able to do a proper job of investigating the extent of the Yahoo data breach and the results are not good.

An announcement from its content division, which Verizon for some reason decided to call Oath, revealed that all of three billion Yahoo accounts in existence at the time of the 2013 data theft were affected. Prior to its acquisition by Verizon Yahoo had insisted that a maximum of one billion accounts had been affected, so that’s quite a bit difference.

It looks like Verizon brought in some third party cyber security and forensics experts, something it would have been reasonable to expect Yahoo to do prior to the acquisition, and they helped it come to this bleak conclusion. The company insists this is not a new security issue as password and financial information was not stolen, but the additional two billion accounts affected could be forgiven for taking these reassurances with a pinch of salt.

“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer at Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”

This leads us to question, once more, why Verizon didn’t just bail on the deal when it was clear how badly the breach had been managed by Yahoo, or at least get a much bigger reduction on the price. Not only might Verizon now be liable for compensation and/or legal recrimination, but it’s Oath division has taken a publicity hit almost as severe as the name itself. Surely whatever underlying value Yahoo might provide isn’t worth all this hassle and expense.