Skip to content ↓ | Skip to navigation ↓

Yahoo is warning more of its users that their accounts might have been accessed by unauthorised parties.

Yahoo believes that hackers managed to break into its internal systems, and used the proprietary code they accessed to forge cookies that would allow attackers to access accounts without needing a password.

It goes without saying that the ability to access Yahoo accounts without needing a password would be incredibly valuable to hackers keen to spy on and steal from targeted users.

Yahoo first started warning users it believed had been compromised through the cookie-forging attack back in December 2016. But the fact that it is now sending out more alerts suggests that it has uncovered that the attack was on a wider scale than previously thought.

Yahoo says that as part of an ongoing investigation, conducted by external digital forensic experts it brought in to handle the crisis, evidence has been uncovered that leads it to believe that forged cookies were used in 2015 or 2016 to access some users’ accounts.

Yahoo has not made public how many users it has informed of the potential security breach, but numerous users have posted online that they have received a warning email from the company.

The company says it has connected some of the cookie-forging activity to “to the same state-sponsored actor” it believes was responsible for stealing the account information of 500 million Yahoo users in late 2014.

No link has been made so far with this security incident and the separate theft of “data associated with more than one billion user accounts” in August 2013 (made public in December 2016).

Yahoo is asking users to check all of their accounts for suspicious activity, to be on guard against unsolicited emails that contain suspicious attachments, request their personal information or link to webpages that might be phishing for credentials.

In addition, Yahoo is pointing users to a knowledgebase article containing security recommendations.

Yahoo has certainly been having a difficult time of late security-wise, which is hardly ideal timing for the company as it tries to sell itself to Verizon.

Yahoo is working with law enforcement as it continues to investigate the series of security breaches.

 

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Hacking Point of Sale
  • userw6803

    What I loathe about Yahoo are the numerous sponsored ads feigning as legitimate news. Many of these ads are scams but Yahoo gets paid big bucks for running them. Scan Guard is one of these scams.

    My second loathing of Yahoo is their login prompt requires you to uncheck a box stating “keep me signed in”. I suspect many people ignore unchecking this box and as a result are perpetually signed in even after leaving the web site and thus open to their account being hacked.

    Money is first at Yahoo and safety is second.

  • A security incident after another is unacceptable for a corporation that level.