Yahoo seems to get more attention for its faltering business, and now it has recently let its users know that cyber attackers may have gotten into their accounts or even taken them over. The warning is about potential malicious activity on accounts during 2015 and 2016.
The company confirmed on Wednesday that it was notifying users who might be affected. This is part of its investigation into the incident that affected one billion users' data a few years back.
It seems that the malicious activity centered around the use of ‘forged cookies’. Cookies are strings of data used on the web that allow people to get access to online accounts without having to re-enter the owner’s password.
“We are writing to inform you about a data security issue that involves your Yahoo account,” the warning from Bob Lord, Yahoo chief information security officer, begins. “Our outside forensics experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password.
“Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 and 2016 to access your account.”
Hackers have been pretty active and have gotten into some major accounts over the past few years, including:
Details of 1 billion accounts stolen in the largest data breach on record
eBay asked 145m users to change passwords after hackers stole customers’ names, addresses, and dates of birth
A serious vulnerability was discovered in encryption technology used to protect many of the world’s major websites, leaving them vulnerable to data theft
A cyber attack on Sony Pictures Entertainment leaked the private details of 47,000 employees and actors
Details of 500 million user accounts were stolen by “a state-sponsored actor”, although they have yet to be made public
US Central Command (2015):
Ashley Madison (2015):
Hackers threatened to publish the names of up to 37m AshleyMadison.com customers – a dating website for adulterous affairs
TalkTalk (2015):
Almost 157,000 customers’ personal details were accessed when hackers targeted TalkTalk’s website, stealing 15,656 bank account numbers, sort codes, and obscured credit card details
360m passwords and email addresses, believed to have been stolen several years before, were listed on a hidden internet marketplace on the dark web
Yahoo disclosed last year that there had been two major data breaches, in 2013 and 2014, in which 1.5 billion user accounts were compromised. The company suspects that the ‘forged cookie’ hacker may have been behind these too. It took the company two months after it discovered the attack to let its customers know.
Yahoo said: “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”
The company is being forthcoming as its deal with Verizon, under which it will undergo a name change, is nearly finalized. The telecom giant is getting the good end of the deal, as these issues have allowed it to knock about $250 million off the Yahoo price tag.