Yahoo Issues Fresh Warning About Forged Cookie Breach
Stolen credentials; User accounts compromised
Some Yahoo users recently received alerts that intruders may have accessed their accounts last year using forged cookies.
A forged cookie can grant access to account information without needing passwords. The tech company previously disclosed the scheme—and blamed unnamed state-sponsored actors—in late 2016, but sent alerts to users Wednesday, The Guardian reported. Yahoo didn’t say how many users were affected.
Despite disclosing multiple security breaches, including a 2013 breach that affected 1 billion users, Yahoo is still in the middle of selling its core business to Verizon. Recode reported Verizon may knock up to $350 million off the original $4.8 billion deal and shift liability for undiscovered breaches to what’s left of Yahoo.
February 15, 2017
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected