Yahoo Users Attacked by Cookies
Yahoo users were told on Wednesday that hackers used a technical trick with cookies (little web browser tokens commonly used by websites) to log into their accounts without passwords. In an email to users, Yahoo admitted that:
“Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”
A Yahoo spokesperson yesterday confirmed:
“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password… The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.”
Yahoo Cookies Forged
Here’s how the attack would have worked – hackers tricked web browsers into telling Yahoo you’ve already logged in. Hackers would first need to forge the cookies. Cookies are used whenever you log into a service and select that box that says “keep me logged in” or “remember me.” Even if you close the window, you won’t have to log back in because the cookie stored by your browser tells the service that you already submitted your username and password.
The incidents stem from the data theft that Yahoo disclosed on Sept. 22, 2016, in which at least 500 million Yahoo accounts were stolen from the company in 2014.
$250-350 million knocked off Yahoo’s asking price
According to sources from Bloomberg to Reuters, Verizon who in June 2016 had announced agreement a deal for Yahoo for around $4.83 Billion US Dollars, the deal will continue to go ahead but with a lower asking price as it will also entail Verizon and Yahoo sharing the liability from potential lawsuits related to the data breaches.
Infosec Partners protects
In today’s world, our lives are under attack like never before. The boundaries between our public, work and private lives have never been more blurred and our dependence on electronic communication and internet connectivity means there are many more avenues of attack for criminals who are actively targeting our personal and financial data, safety and reputation.
From significant global organisations to high profile individuals and families, Infosec Partners are trusted to optimise defences and protect against cyber attacks. Whether providing fully managed security services, independently testing your cyber readiness or providing crisis management and responding to incidents, Infosec Partners are proven partners of excellence and full-spectrum security experts that puts your security first.
Contact us today for more information and for your free consultation, by completing the adjacent form or call us to speak with one of our trusted advisors immediately: