Yahoo is telling users that hackers may have accessed their accounts without passwords

Advertisement

Yahoo CEO Marissa Mayer

Reuters/Pascal Lauener

Yahoo CEO Marissa Mayer

Yahoo is telling some of its users that hackers may have logged into their accounts, using a forged "cookie" which gives access even without a password.

Advertisement

According to CNET, the attack was originally announced in September, but has largely been overlooked until now as the revelation was included within a larger announcement about a Yahoo security breach considered the largest in history.

Yahoo said it had connected some of the cookie-based attacks to the "same state-sponsored actor" believed to be responsible for one of the other hack.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

It's unclear why some of the users are receiving the notification now, months after Yahoo first disclosed the cookie attacks.

Cookies are used to store personal information in the browser, so you don't have to type in your user information again. Yahoo said in its September announcement that "an unauthorized third party accessed the company's proprietary code to learn how to forge cookies."

Advertisement

Yahoo's spokesperson sent the following statement in response to this story:

"As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again."

NOW WATCH: Watch 6 hours of Winter Storm Niko in under one minute