Hunt, who also maintains the breach-notification website haveibeenpwned.com, recalled that Yahoo had already reported a massive account breach last year.
"[Yahoo's largest data breach] is both surprising and not surprising given that we earlier heard about a billion Yahoo data breach in 2016, and it was very shocking to know that the number actually tripled. On the other hand, Yahoo's announcement last year came after a statement about half a billion record data breach. So it's pretty consistent for them," he said.
Hunt also recalled that last year saw the breach of hundreds of millions of Dropbox and LinkedIn records, something that lends weight to the assertion that Yahoo's three billion account breach is "not that unusual."
He also warned of a possible escalation of the situation, not ruling out that the data that was breached could go public and that another organization may fall victim to hackers' attacks.
"Companies [often] underestimate the actual scope of data breach incidents," Hunt said.
When asked what an ordinary user should do to protect his account from being compromised, he called for creating a "unique and strong password" as well as "multi-step verification."
Hacker News — Yahoo Data Breach: What You Should Do About Your Yahoo Account https://t.co/4iCwleLQji
— Sec News Bot (@SecNewsBot) October 5, 2017
Yahoo's new parent company, Verizon Communications, said in a press release on Tuesday that the number of all those compromised by hackers significantly exceeds the original estimates, which suggested the attack affected 'only' one billion accounts.
Verizon acquired Yahoo in June in a deal stipulating that both companies would equally share all future legal costs linked to the data breaches.
Earlier this year, it was reported that 14 million Verizon customers had their data exposed after a third-party Israeli technology company stored user information on an insecure Amazon server.