recommended reading

Threatwatch

Yahoo Issues Fresh Warning About Forged Cookie Breach

Stolen credentials; User accounts compromised

Some Yahoo users recently received alerts that intruders may have accessed their accounts last year using forged cookies.

A forged cookie can grant access to account information without needing passwords. The tech company previously disclosed the scheme—and blamed unnamed state-sponsored actors—in late 2016, but sent alerts to users Wednesday, The Guardian reported. Yahoo didn’t say how many users were affected.

Despite disclosing multiple security breaches, including a 2013 breach that affected 1 billion users, Yahoo is still in the middle of selling its core business to Verizon. Recode reported Verizon may knock up to $350 million off the original $4.8 billion deal and shift liability for undiscovered breaches to what’s left of Yahoo.

sector

Web Services

reported

February 15, 2017

reported by

The Guardian

number affected

Unknown

location of breach

Unknown

perpetrators

State-Sponsored Hackers

location of perpetrators

Unknown

date breach occurred

2015-2016

date breach detected

Unknown