By Mark Phillips ¦ Blog.TotalAV.com ¦
Giants of the internet world have long been victims of hacking, and Yahoo’s breach will come as a distressing headline for millions of its users. The tech corporation, best known for its global search engine, email and other online services, has recently revealed yet more jarring news.
Back in 2016, Yahoo disclosed that two colossal data breaches had occurred, and it’s now been confirmed that millions of user accounts were forcibly accessed during the past two years.Yahoo began notifying its users of the attack during February. “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.” Though the company declined to round out a figure, it’s since become known that approximately 32 million accounts were accessed.
This recent hacking activity is reported to have revolved around the use of “forged cookies”, according to the company’s latest annual filing. “Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies.”
Cookies are strings of data that are used across the web on a daily basis, but, in the hands of a hacker, can be used for malicious purposes. For instance, an online user account could be accessed with minimal effort, not even requiring the associated user’s password. Once inside, all manner of highly sensitive details are exposed, such as names, addresses, emails and security questions.
A portion of Yahoo’s latest attacks are the work of the “same state-sponsored actor believed to be responsible for the 2014 breach”, the company said, referring to a past intrusion that saw a staggering 500 million user accounts compromised. The breach is still under investigation, with the FBI confirming signs of a “state-sponsored” attack.
Slow responses to Yahoo’s security lapses have cost the company in the tune of $350 million. In response, Yahoo’s general counsel, Ronald Bell, has resigned without severance pay, while CEO Marissa Mayer will be docked her annual $2 million bonus, in addition to a lucrative stock reward. Mayer has also offered to turn down any equity award for the remainder of 2017.