Yahoo is warning users: Hackers may have accessed their accounts without a password

Yahoo users, be careful: hackers may have logged into your accounts using a forged “cookie” that can give access without a password.

As CNET reported, the attack was announced in September, but it has been largely overlooked until now. This was considered the largest breach in history.

According to them, the company had connected some sort of cookie-based attacks to the “same state-sponsored actor” which, they believe, is responsible for the hack.

It’s not really clear why users are receiving a notification now, and not when Yahoo had its first cookie attack months ago.

A cookie's function is to store personal information in the browser, so that you don't have to enter that information again when you want to log in. In the September announcement, the company said that an unauthorized third party accessed the company's proprietary code to learn how to forge cookies.

Yahoo’s spokesperson sent the following statement in response to this story:

“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used.  Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”

What do you think about this kind of security breach?

Do you think there is a way to prevent things like this from happening?
