Yahoo Warned about Malicious Activity on Accounts, Again
https://sp-security.blogspot.com/2017/02/yahoo-warned-about-malicious-activity.html
The
tech giant has warned its users of potentially malicious activity that
took place in 2015 and 2016. This seems to be the latest cybersecurity
problem experienced by Yahoo. The news were announced 2 months after
Yahoo revealed that details of more than 1bn user accounts had been
compromised in 2013, becoming the largest breach ever. The number of
compromised accounts was double the number implicated in a 2014 breach
Yahoo disclosed a few months ago and blamed on state-sponsored hackers.
In the latest case, the online giant believes that the same state-sponsored hackers were responsible for the cookie-forging activity, even though it wouldn’t name the state. Usually Russia and China are blamed in such cases, but the experts have questioned whether Yahoo would be a target.
The company wouldn’t announce how many user accounts were affected by the malicious activity either, but it is known that its investigation has revealed that it was related to the use of forged cookies. The latter can be used to access users’ accounts without re-entering passwords.
Yahoo first reported the cookie forging in November and outlined the issue in a security update in December, but some users were only notified a few days ago. The company announced that it had identified user accounts for which forged cookies were potentially taken or used and started to notify all affected account holders. The forged cookies were invalidated so they could not be used again.
In the meantime, according to news reports, Verizon has renegotiated a deal for Yahoo’s Internet properties and dropped the price of the agreement by almost $250m after revelations about Yahoo’s security breaches.
Posted by:
In the latest case, the online giant believes that the same state-sponsored hackers were responsible for the cookie-forging activity, even though it wouldn’t name the state. Usually Russia and China are blamed in such cases, but the experts have questioned whether Yahoo would be a target.
The company wouldn’t announce how many user accounts were affected by the malicious activity either, but it is known that its investigation has revealed that it was related to the use of forged cookies. The latter can be used to access users’ accounts without re-entering passwords.
Yahoo first reported the cookie forging in November and outlined the issue in a security update in December, but some users were only notified a few days ago. The company announced that it had identified user accounts for which forged cookies were potentially taken or used and started to notify all affected account holders. The forged cookies were invalidated so they could not be used again.
In the meantime, according to news reports, Verizon has renegotiated a deal for Yahoo’s Internet properties and dropped the price of the agreement by almost $250m after revelations about Yahoo’s security breaches.
Posted by:
SaM
extratorrent
