Yahoo warns users about data breaches tied to past attacks

[uk666 5,298]

Yahoo warns users about data breaches tied to past attacks

Yahoo, based n Sunnyvale, Calif., is warning individual users that their online accounts may have been compromised in a massive data breach it reported late last year

 

Yahoo is warning some users their online accounts may have been attacked by a "state-sponsored attacker" between 2015 and 2016, and linked to a massive data breach reported last year.

 

Yahoo confirmed on Wednesday (15-02-2017) it notified users about the breach but declined to say how many accounts were affected.

 

Bob Lord, Yahoo's chief information security officer, told users that a forged cookie might have been used to access their accounts.

 

"Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password," the email read. "Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.

 

We have connected some of the cookie forging activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on Sept. 22, 2016."

 

Yahoo had reported the data breach affected more than 500 million users in late 2014. Three months later, in December, Yahoo reported that data of more than 1 billion user accounts were stolen in August 2013.

 

In the latest warning, the company said the hackers gained access to users' accounts without passwords. We invalidated the forged cookies and hardened our systems to secure them against similar attacks," Yahoo said in the email. "We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts."

 

The warning comes as Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of $250 million because of the data breaches.

 

Yahoo recommended that users avoid clicking on links or downloading attachments from suspicious email messages. The company asked users to consider adopting its authentication tool that eliminates the need for a password.

 

[Tech 425 3,942]

All I used Yahoo for is so Spam emails would go to that account, So now the hackers got there crap back