Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Yahoo Notifies Users of Sophisticated Breach Methods

Yahoo said Wednesday it was notifying some users that hackers may have been able to use a maneuver to break into their accounts without stealing passwords.

Yahoo said Wednesday it was notifying some users that hackers may have been able to use a maneuver to break into their accounts without stealing passwords.

The latest notifications were in response to the record breach disclosed late last year affecting an estimated one billion users — which involved forging of “cookies” or files used to authenticate users when they log into their accounts.

The notification indicates the investigation into the attacks are in the final stage, according to a source familiar with the matter, noting that messages had been sent to “a reasonably final list” of Yahoo users.

A Yahoo spokesman said the company was notifying all potentially affected users and that it had “invalidated” the forged cookies.

“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” the company said in a statement.

“The investigation has identified user accounts for which we believe forged cookies were taken or used.”

Yahoo announced in September that hackers in 2014 stole personal data from more than 500 million of its user accounts. It admitted another cyber attack in December, this one dating from 2013, affecting more than a billion users.

The data breaches have been a major embarrassment for a former internet leader that is in the process of selling its core operations to telecom giant Verizon for $4.8 billion.

Some reports Wednesday said the two companies had agreed to discount the price by $250 million to $300 million following disclosure of the attacks.

Neither Yahoo nor Verizon commented on the reports.

Yahoo is selling its main operating business as a way to separate that from its more valuable stake in Chinese internet giant Alibaba.

The share-tending entity, to be renamed Altaba, Inc., will act as an investment company.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.