New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Yahoo Warns Users of Third Data Breach As Verizon Closes in on Revised Deal

Thursday February 16, 2017 1:34 am PST by Tim Hardwick
Yahoo has issued a new warning to account holders about malicious hacks linked to a third data breach that the company disclosed late last year.

The warning relates to more recent malicious activity targeting accounts between 2015 and 2016, most likely perpetrated by a "state actor", according to Yahoo. Specifically, the hacks are said to have been achieved by using "forged" cookies – the text-based keys that give web users access to username and password information without having to re-enter it – created by software stolen from within Yahoo's internal systems.

A message was sent to affected Yahoo users on Wednesday, warning them of the unauthorized access to their account, but Yahoo did not reveal how many people were notified.



Yahoo's announcement came just hours after reports that Verizon was close to a renegotiated deal to buy Yahoo's core assets at a lower price. Last year, Verizon agreed to buy Yahoo’s core business for $4.83 billion, but on Wednesday Bloomberg reported that the renegotiated deal would slash about $250 million off that price because of the security breaches that were revealed after the initial deal was agreed. 
"As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password," a Yahoo spokesperson told Associated Press. "The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again."
Back in September, Yahoo revealed that hackers had stolen the personal data of "at least" 500 million users, but by December, the internet company admitted that over one billion Yahoo user accounts had been compromised in a separate hack dating back to August 2013. Information stolen included names, email addresses, phone numbers, birth dates, hashed passwords, security questions and answers.

The internet company is currently under investigation from the Securities and Exchange Commission over its failure to disclose its massive data breaches sooner.

Tag: Yahoo
[ 79 comments ]


Top Rated Comments

(View all)

Avatar
btrach144
24 months ago
We don't need Yahoo anymore. They just need to die along with Adobe Flash.
Rating: 14 Votes
Avatar
maflynn
24 months ago
Verizon would be foolish to close this deal, revised or not. There's no many problems with Yahoo now, and clearly the hacking problems are material enough for them to walk away. I never got why Verizon wanted to buy them in the first place.
Rating: 10 Votes
Avatar
symphara
24 months ago
It boggles the mind that this company is worth anything, nevermind 4 billion.
Rating: 10 Votes
Avatar
Brian Y
24 months ago
Seriously? Forged cookies? What is this, 1998?
Rating: 9 Votes
Avatar
MysteriousStain
24 months ago
Ya Who?
Rating: 7 Votes
Avatar
keysofanxiety
24 months ago
This would be bordering on comical if it wasn't so tragic.
Rating: 7 Votes
Avatar
soupcan
24 months ago
The breaches keep on coming holy crap.
Rating: 6 Votes
Avatar
macs4nw
24 months ago
The perils of the digital age..... whether we like to admit it or not, we're all vulnerable.
Rating: 4 Votes
Avatar
sk1wbw
24 months ago
Yahoo should change its name to Uh-Oh.
Rating: 3 Votes
Avatar
WinstonRumfoord
24 months ago
Does anyone use yahoo for anything other than a "burner email" for when you HAVE to register an email?
Rating: 3 Votes

[ Read All Comments ]