The tech giant Yahoo is warning some of its users that state-sponsored hackers have breached their account by using a forged “cookie” attack, which doesn’t need obtaining customer passwords. The warning is a continuation of the firm’s answer to a series of significant attacks declared in year 2016.
The Company confirmed on 15th Feb 2017, that is was notifying customers that their personal accounts may have hacked illegally between years 2015-2016 but declined to say how many users were targeted. Nevertheless, sources familiar with the issue tell Consumerist that warnings have sent out to a realistically final list of customers and the inquiries are in their final stages.
Yahoo wrote in an email to customers,
Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.
A few of others on Twitter also claimed they had received a same email from the company. The company confirmed the warnings were genuine.
Yahoo exposed in September 2016, the breach of 500 million emails, then thought to be the biggest breach of data in the web history, just to reveal in December 2016 an another breach of 1 billion records. The company said that attackers were later able to get entree to accounts without requiring passwords after breaching the Yahoo’s source code utilized to make cookies.
On the other hand, Yahoo overturned the cookies, after knowledge of the hacks, successfully locking out the hackers. The firm started sending out warnings on Wednesday. As update broke that Verizon, a web giant which is going to buy Yahoo, lowered its price for the Yahoo by $250 million because of the recent 2 breaches.
By contrast, the cyber-attack on the credit cards company “Target” cost the firm almost $162 million, later being balance by a $46 million insurance right.
Yahoo faces constant queries by legislators, who this week criticized Yahoo for failing to response “a number of basic questions” about the 2 mega breaches.
A spokesperson from Yahoo said, “As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”
Note: The best solution to overcome this scenario is to change the password for your Yahoo account. Learn here how to make the password stronger. Also, be cautious with any unsolicited emails you may receive.