Yahoo warns users of account breaches related to recent attacks

'A forged cookie may have been used ... to access your account'

Yahoo has begun warning individual users that their accounts with the service may have been compromised in a massive data breach it reported late last year.

The warning, in email messages sent from Yahoo CISO Bob Lord, tell users that a forged cookie may have been used to access their accounts in previous years.

The warning to Yahoo users come at the same time that news reports suggest that Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of US$250 million because of the data breaches.

In December, Yahoo reported that data associated with more than 1 billion user accounts was stolen in August 2013. Less than three months earlier, the company reported a separate data breach affecting more than 500 million users that originally occurred in late 2014.

In a new warning to users sent Wednesday, Yahoo said the forged cookie problem allowed hackers to gain access to user accounts without passwords. The company connected the issue to the breach it reported in September.

"Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account," the new email from Yahoo says. "We have connected some of the cookie forging activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on Sept. 22, 2016."

Yahoo has not identified the state-sponsored actor. The new email was sent to users whose accounts were breached in what was apparently a general attack. Individual users who seem to have been specifically targeted by the state-sponsored actor were sent an additional notice.

Yahoo recommended that users review their accounts for suspicious activity, be cautious of unsolicited communications that ask for personal information, and avoid clicking on links or downloading attachments from suspicious email messages. The company asked users to consider adopting its Yahoo Account Key, an authentication tool that eliminates the need for a password.

"We invalidated the forged cookies and hardened our systems to secure them against similar attacks," Yahoo said in the new email. "We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags cybersecurityYahoobreach

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?