Some Yahoo users recently received alerts that intruders may have accessed their accounts last year using forged cookies.
A forged cookie can grant access to account information without needing passwords. The tech company previously disclosed the scheme—and blamed unnamed state-sponsored actors—in late 2016, but sent alerts to users Wednesday, The Guardian reported. Yahoo didn’t say how many users were affected.
Despite disclosing multiple security breaches, including a 2013 breach that affected 1 billion users, Yahoo is still in the middle of selling its core business to Verizon. Recode reported Verizon may knock up to $350 million off the original $4.8 billion deal and shift liability for undiscovered breaches to what’s left of Yahoo.