Yahoo has revealed that some of its users' accounts may have been hacked. It is assumed that the hackers might have used a forged "cookie" capable of accessing the accounts without a password.
According to CNET, the "cookie" attack was announced in September last year but was played down completely until now due to an even bigger announcement involving a security breach considered to be the biggest in the history of Yahoo. Yahoo has claimed that the same hackers are responsible for both the attacks as the pattern of the incidents are the same. Some hackers backed by a government source are claimed to be behind the "cookie" attack.
A cookie is generally used by websites to store personal information of the users so that they don't have to put in their credentials every time they log in. In its September announcement, Yahoo declared that an unauthorized third party had accessed the company's "proprietary" code to learn how to forge cookies. Though it is not clear to the Yahoo users why some of them are getting this information now, months after Yahoo disclosing the "cookie" attacks.
According to CNBC, the security breach that shadowed the revelation of the "cookie" attack of September, took place in August 2013 and was sedately announced in December 2016. It is claimed that the breach involved more than 1 billion Yahoo accounts. This calamitous breach has raised questions on the credibility of Yahoo as a company and its security systems. The latest "cookie" attack once again uncovers Yahoo's vulnerable security mechanism.
In a statement from the top management of Yahoo, it has been said that the forensic experts of the company are already investigating about the forging of the cookies that helped the third party intruder to access the users' accounts without entering passwords. The statement also said that Yahoo is in the process to notify all the users affected by the "cookie" attack.
Despite the "cookie" attack, companies like SunTrust and CFRA continue to retain their shares in Yahoo, mainly because of the reason that the telecommunication company Verizon will take over the yesteryears internet giant. Verizon has reportedly reduced their bid to buy Yahoo by $250 million from their initial quoted price of $4.8 billion due to the attacks.