Yahoo warns users of potentially malicious activity on accounts due to forged cookies

Yahoo has warned users that a forged cookie was used to gain access to accounts without a password between 2015 and 2016

16 February 2017, 11:37am
The forged cookie was created by software stolen from within Yahoo's internal systems
The forged cookie was created by software stolen from within Yahoo's internal systems
Yahoo has warned users of potentially malicious activity on their accounts between 2015 and 2016, using a forged cookie to gain access to accounts without re-entering passwords, the latest in a string of cyber security problems faced by the technology company.

The forged cookie was created by software stolen from within Yahoo's internal systems.

The warning comes two months after the company revealed that data from more than 1 billion user accounts had been compromised in August 2013, the largest such breach in history. The number of affected accounts was double the number implicated in a 2014 breach the internet company disclosed in September and blamed on state-sponsored hackers.

Yahoo believes that the cookie-forging activity is linked to the same state-sponsored hackers, although the company would not name the state. Security experts have pointed to Russia and China as the usual suspects for these kinds of attacks.

It is not clear how many user accounts are affected by the malicious activity announced Wednesday.

“The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again,” a Yahoo spokeswoman said.

Notifications have been sent out to almost all affected users, although security investigations are still ongoing.

The news comes as reports suggest that Verizon is close to a renegotiated deal for Yahoo’s internet properties that would reduce the price of $4.8 billion agreement by about $250 million, following revelations about the company’s security breaches.