Yahoo has slowly been crumbling over the past years and they are just about down to their last bricks. The company was all but crushed by Google in search and their last few years have been plagued by security breach after security breach. Adding insult to injury, the company has just suffered yet another security breach — this time without even needing to be hacked. This latest flare-up may have affected millions of Yahoo users in 2015 and 2016. The company says that due to a flaw in the Yahoo mail service, attackers could use a “forged cookie” to access Yahoo users email accounts without needing a password or even really hacking it.
Yahoo informed some users in e-mails this week that “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.” The messages are regarding possible breaches using the cookie vulnerability in 2014.
“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”
Yahoo has not given any indication just how many users have been affected by this flaw or how may users have had their accounts accessed by outside sources. They are working on their investigation but at this point, I’m sure many people have left or are considering leaving Yahoo for more secure pastures. There are now rumors that Verizon is still interested in purchasing Yahoo but are lowering their offer by $250USD million because of the recent security breaches.
What do you think about Yahoo’s problems? Let us know in the comments below or on Twitter, Facebook, and Google+.Source: ArsTechnica