Yahoo is telling users that hackers may have accessed their accounts without passwords
According to CNET , the attack was originally announced in September , but has largely been overlooked until now as the revelation was included within a larger announcement about a Yahoo security breach considered the largest in history.
Yahoo said it had connected some of the cookie-based attacks to the "same state-sponsored actor" believed to be responsible for one of the other hack.
It's unclear why some of the users are receiving the notification now, months after Yahoo first disclosed the cookie attacks.
Cookies are used to store personal information in the browser, so you don't have to type in your user information again. Yahoo said in its September announcement that " an unauthorized third party accessed the company's proprietary code to learn how to forge cookies."
Yahoo's spokesperson sent the following statement in response to this story:
"As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again."
More from this author
- Shree Sai Spaces Creations and Wasankar Wealth man...
- Facebook's mobile advertising onslaught continues
- The 10 most popular advertising CEOs
- Apple should kill its advertising business
- #IndependenceDaySpl: The evolution of Indian Adver...
- 18 false advertising scandals that cost some brand...
- The 29 best people in advertising to follow on Ins...