The team at Securolytics wants our clients and partners to be informed. Here is the newest report from Yahoo about a breach that affected 500 million Yahoo accounts.
Yahoo‘s newly issued warning to users about malicious hacks is related to a third data breach that the company disclosed in December 2016.
A warning sent to some Yahoo users Wednesday read: “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”
This breach was quietly revealed in a December 2016 statement from Yahoo that provided information on a separate hack that occurred in August 2013 involving more than 1 billion accounts. Some of 2015 and 2016 incidents have been tied to a “state-sponsored actor” that was involved in another 2014 breach that affected up to 500 million accounts.
“Forged cookies” are digital keys that allow access to information without re-entering passwords. The leaked data included email addresses, birth dates and answers to security questions. Yahoo declined to say how many people were affected.
“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” a Yahoo spokesperson said in an emailed statement. “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.”
A source familiar with the matter said the investigations for these breaches are nearing an end.
The earlier, catastrophic breaches that impacted over 1.5 billion accounts raised questions about Yahoo’s security, and called into question the company’s deal to sell itself to Verizon Communications.
Both SunTrust and CFRA retained their hold opinion on Yahoo shares, mostly tied to the fact that Verizon will likely still purchase the internet company and has renegotiated the purchase price. Bloomberg reported that the telecommunications company was able to reduce the initial $4.8 billion price by $250 million due to the data breaches. This story was reported by AP and CNBC’s Michelle Castillo
Contact Securolytics now to learn more. Our global team is ready to assist you. We are all motivated by one overriding purpose- to keep organizations and businesses out of harm’s way from cyber criminals and sophisticated hackers.