CyberCrimeProjectsSecuritySecurity ManagementService Providers

Yahoo Issues Fresh Warning About Compromised Accounts

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Does it ever end? Yahoo issues fresh warning to users after disastrous data breach

Yahoo has issued a fresh warning to its users about potentially malicious activity on their accounts between 2015 and 2016.

The warning comes after two highly damaging cyber attacks that has resulted in the compromising of user data belonging to a staggering one billion users.

The cyber attacks have badly impacted the acquisition of Yahoo’s core Internet business for $4.83 billion (£3.86bn) by Verizon. Recent reports suggest that Verizon will shave between $250 million to $350 million off the original agreed purchase price.

ukraineTwo Attacks

Yahoo has been hit hard by cyber incidents in recent years. A devastating data breach at Yahoo took place in 2014, which resulted in the theft of 500 million accounts. But that hack only came to light in September 2016.

The long delay prompted US senators to call for CEO Mayer to explain the way the company handled the data loss.

But in December last year Yahoo admitted that another massive data breach took place back in 2013, which saw more than a billion user accounts hacked, making it the biggest breach in history.

It should be noted that Yahoo has been hacked before that. In 2012 Yahoo admitted it had been hacked, after more than 450,000 Yahoo passwords had been posted online.

The company believed that hack took place in August 2013, when an unauthorised third party swiped data linked to a mass number of accounts.

Stolen user account information from the 2013 hack may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

Fresh Warning

And this week Yahoo has issued a fresh warning to users of potentially malicious activity on their accounts between 2015 and 2016.

The company confirmed the fresh warning to the Associated Press, but declined to say how many people were affected.

Yahoo apparently tied some of the potential compromises to what it has described as the “state-sponsored actor” responsible for the 2013 attack.

Its new warning to users talks of malicious activity from the use of “forged cookies”.

“Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account,” the Associated Press quoted the warning sent to Yahoo users on Wednesday.

Quiz: Take our data breaches of 2015 quiz here!