Yahoo believes that the cookie-forging activity is linked to the same state-sponsored hackers, although the company would not name the state. Security experts have pointed to Russia and China as the usual suspects for these kinds of attacks, although some have questioned whether Yahoo would be a target.
It is not clear how many user accounts are affected by the malicious activity announced Wednesday, although a Yahoo investigation has revealed that it involved the use of forged cookies, which can be used to access people’s accounts without re-entering their passwords.
Yahoo told the Guardian that it first reported the cookie forging in a filing in November 2016 and outlined the issue in a security update in December 2016, although some users are only being notified this week.
A Yahoo spokeswoman said: “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”
Notifications have been sent out to almost all affected users, although security investigations are still ongoing.
The news comes as reports suggest that Verizon is close to a renegotiated deal for Yahoo’s internet properties that would reduce the price of $4.8bn agreement by about $250m, following revelations about the company’s security breaches.
More about:
