Yahoo’s hack warning comes from a third breach, Yahoo says

How many times does this have to happen??
Three strikes and your out

Yahoo’s newly issued warning to users about malicious hacks is related to a third data breach that the company disclosed in December 2016.

A warning sent to some Yahoo users Wednesday read: “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”

This breach was quietly revealed in a December 2016 statement from Yahoo that provided information on a separate hack that occurred in August 2013 involving more than 1 billion accounts. Some of 2015 and 2016 incidents have been tied to a “state-sponsored actor” that was involved in another 2014 breach that affected up to 500 million accounts.

“Forged cookies” are digital keys that allow access to information without re-entering passwords. The leaked data included email addresses, birth dates and answers to security questions. Yahoo declined to say how many people were affected.

“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” a Yahoo spokesperson said in an emailed statement. “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.”

A source familiar with the matter said the investigations for these breaches are nearing an end.

The earlier, catastrophic breaches that impacted over 1.5 billion accounts raised questions about Yahoo’s security, and called into question the company’s deal to sell itself to Verizon Communications.

Both SunTrust and CFRA retained their hold opinion on Yahoo shares, mostly tied to the fact that Verizon will likely still purchase the internet company and has renegotiated the purchase price. Bloomberg reported that the telecommunications company was able to reduce the initial $4.8 billion price by $250 million due to the data breaches.

I really think it time to delete that Yahoo account and put the matter to bed.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.