February 17, 2017 by

Yahoo: Your Email Accounts May Have Been Hacked, Again

For the third time in less than 6 months, Yahoo has, once again, warned users that their email accounts may have been hacked.

On the day where Verizon is reportedly renegotiating its deal to acquire Yahoo at $250 less than the original amount, Yahoo has revealed that their email accounts may be compromised.

While declining to reveal the number of accounts or users affected, Yahoo has begun notifying users that their accounts may have been accessed without their knowledge between 2015 and 2016.

In an email circular sent to users today, the company stated:

Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.

These “forged cookies” were first revealed by Yahoo in December, when the company admitted to the breach of a billion user accounts. The company believes the forged cookie incident to be related to an earlier breach it reported in September, one that involved 500 million accounts.

“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” a Yahoo spokesperson confirmed in a statement. “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”

To create these rogue cookies, researchers believe that malicious hackers obtained Yahoo’s source code in order to breach the internet company’s databases.

Intriguingly, Yahoo adds that the breaches were the result of a state-sponsored attack, although there is no evidence to prove this claim.

In recent times, Yahoo has admitted to a number of significant data breaches, including the 500 million accounts compromised in 2014 and up to a billion accounts – one of the largest data breaches ever – in 2013. Notably, these mega-breaches only came to light last year. As a consequence, the Securities and Exchange Commission (SEC) is now investigating Yahoo to see why the web giant waited years before disclosing the attacks.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Russian Spies Hired Cybercriminals to Hack 500 Million Yahoo Accounts: Justice Dept

The United States government has directly implicated Russian agents of instigating and directing the...

Read more arrow_forward

US Justice Department to Announce Charges against Russians & Canadian in Yahoo Breach

The U.S. Department of Justice is reportedly set to announce indictments against suspected hackers...

Read more arrow_forward

Massive Data Breaches Cost Yahoo $350 Million in Sale to Verizon

Yahoo’s sale of its core business to Verizon for what was originally a $4.85 billion deal now sees...

Read more arrow_forward

If you have any further questions, please don't hesitate to contact us.