Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on February 16, 2017

Yahoo warns users against state-sponsored hackings as it suffers yet another breach


Yahoo warns users against state-sponsored hackings as it suffers yet another breach

It seems Yahoo has landed itself in trouble again. The company has reportedly been sending out emails to warn users that state-sponsored attackers might have breached their accounts.

The hackers purportedly relied on a sophisticated cookie forging exploit that could be executed without the need to acquire user passwords, ZDNet reports.

The announcement follows a series of high-profile breaches Yahoo reported last year. Last September the Sunnyvale giant revealed it had suffered a massive attack affecting more than half a million users; then three months later, it came forward with another major breach putting over a billion users at risk.

The magnitude of the latest attack remains unclear, but an email obtained by ZDNet suggests the vulnerability dates back to 2015.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

“The investigation has identified user accounts for which we believe forged cookies were taken or used,” a company spokesperson confirmed. “Yahoo is in the process of notifying all potentially affected account holders.”

The Sunnyvale company further remarked that, following the breach, it has invalidated the cookies, therefore effectively cutting off the hackers.

The news comes shortly after reports that Verizon is finally closing in on its prolonged negotiations to acquire Yahoo. While the two companies initially agreed on a $4.83 billion buyout offer, Verizon is likely to get a hefty price cut of between $250 and $350 million following the string of hackings.

Meanwhile, Yahoo was recently said to be under investigation by the Securities and Exchange Commission for delaying its data breach announcements for years.

Time to delete that Yahoo account and put the matter to bed.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top