Yahoo Accounts Hack: Hackers used forged cookies to access 32 million accounts

This news doesn’t come as a surprise to many, as Yahoo had already revealed last month that it had encountered yet another account breach. However, no further details about the hack have been made public by the American search giant since then. But today via an SEC 10-K filing, the company revealed that the latest breach had compromised over 32 million user accounts. This number, however, is smaller when compared to the last two hacks that affected over a billion Yahoo accounts.

Keeping the numbers aside, there is another breakthrough in the episode of hacks that has been muddling Yahoo over two years now. “Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies.”, Yahoo explained. The cookies have since been invalidated to block further access, and the hacked users were notified immediately to change their passwords and strengthen the security.

Yahoo also said that the new accounts were accessed illegally by the same “state-sponsored actor”, who was behind the major 2014 breach, that reportedly affected more than 500 million accounts. Some of the user data obtained from these hacks were put on sale on the dark web for $300,000, as revealed in August last year.

As a consequence of the unfortunate events, Yahoo would not award its CEO Marissa Meyer a cash bonus for 2016, and Meyer offered not to take any 2017 annual equity. The security breaches have also affected the Verizon-Yahoo deal, due to which Verizon lowered the promised $4.48 billion deal by $350 million.

Source: PCMag