Well, it seems internet giant Yahoo is back in the news once again. Yesterday, it was reported that Verizon is asking for a discount of as much as $350 million on its acquisition of Yahoo. Now the internet giant is back with an update on last year's breach of its email servers by state-sponsored attackers: it is notifying users whose accounts it believes were breached and explaining how it happened.
Currently, Yahoo says that users of its email service are being notified if their account was breached in last year's massive attack. The collection of attacks is said to have affected as many as 500 million users in the first attack in 2013 and nearly a billion users (almost twice as many accounts) in the second attack in 2014.
These accounts were targeted because of a flaw in Yahoo's email service that allowed hackers to use "forged cookies" created with software stolen from the company's internal systems. With these cookies, they were able to access the emails of the affected account holders without re-entering passwords.
Cookies are small tokens that your web browser stores for websites that require them. Such sites can be accessed without entering a password again, because you have already granted them access to your personal information. An attacker with a forged cookie does not need to steal your password; the cookie makes it look as though you are already logged in. Voila, they're inside your email account and can read any of your emails.
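To make the mechanism concrete from the defender's side, here is an added example (not Yahoo's code, and not its real cookie format) of how a server can sign a session cookie so that it cannot be forged without the signing key, and why the key itself becomes the thing that must be protected and rotated. The key names, the `kid` claim and the sample timestamps are all constructed for this illustration. It shows three checks a verifier should make: the HMAC tag matches, the cookie has not expired, and the key that signed it is still in the active keyring.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo keys. In a real deployment these live in a secrets store,
# never in source code, and a stolen key means every cookie it signed is suspect.
ACTIVE_KEYS = {"k1": b"constructed-demo-signing-key-1"}
ROTATED_KEYS = {"k2": b"constructed-demo-signing-key-2"}  # keyring after retiring k1


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_cookie(user: str, key_id: str, key: bytes, now: int, ttl: int = 3600) -> str:
    """Build 'payload.tag': payload carries user, expiry and the id of the signing key."""
    claims = {"user": user, "exp": now + ttl, "kid": key_id}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_cookie(cookie: str, keyring: dict, now: int):
    """Return the user name if the cookie is authentic and current, else None."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
        claims = json.loads(payload)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed cookie
    if not isinstance(claims, dict):
        return None
    key = keyring.get(claims.get("kid"))
    if key is None:
        return None  # signed under a retired or unknown key: rotation invalidates it
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # payload altered or tag not produced with this key
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None  # expired or missing expiry
    return claims.get("user")


def with_claim_changed(cookie: str, field: str, value) -> str:
    """Rewrite one claim but keep the original tag; used to show that tampering is detected."""
    payload_b64, tag_b64 = cookie.split(".", 1)
    claims = json.loads(_unb64(payload_b64))
    claims[field] = value
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + tag_b64


def demo(now: int = 1_000_000) -> dict:
    """Exercise the verifier against a genuine, a tampered, an expired and a rotated-out cookie."""
    cookie = mint_cookie("alice", "k1", ACTIVE_KEYS["k1"], now)
    return {
        "genuine": verify_cookie(cookie, ACTIVE_KEYS, now),
        "tampered_user": verify_cookie(with_claim_changed(cookie, "user", "bob"), ACTIVE_KEYS, now),
        "expired": verify_cookie(cookie, ACTIVE_KEYS, now + 3601),
        "after_rotation": verify_cookie(cookie, ROTATED_KEYS, now),
        "garbage": verify_cookie("not.a.cookie", ACTIVE_KEYS, now),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is the last case: once the signing material has been taken, as the article says the cookie-forging software was, signature checks alone no longer help, because the intruder can produce tags the server accepts. The only remedy is to rotate the key (here, swapping `ACTIVE_KEYS` for `ROTATED_KEYS`), which logs every user out and forces a fresh password or two-factor login, which is why the advice in the notifications is to change passwords and enable two-factor authentication.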
The notification being sent to Yahoo email account holders reads:
Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.
Further, these warning notifications can be seen as the company's continued effort to make its users aware of the historic breaches, and it repeatedly instructs them to change their passwords and set up two-factor authentication to secure their accounts. And if you think the notifications being sent out are not genuine, take note: they are.
The same has been confirmed by a Yahoo spokesperson in their statement, which reads:
The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.
The security notifications are still going out to almost all affected users, while the investigation continues into the further ramifications of the breach. Some employees have previously said that they knew of the earlier-disclosed hack before the company disclosed it publicly: they had noticed unusual activity on the company's email servers but dismissed it as spam. This disclosure only adds to the company's security problems.
Further, Yahoo is facing immense scrutiny from the online community, and its troubles show no sign of letting up. The U.S. Securities and Exchange Commission is also investigating the two breaches with regard to the timeline of their disclosure. This is, in turn, causing problems for its $4.8 billion acquisition by Verizon.