New Yahoo Hack Revealed, ‘Cookie Forging Attack’ Used to Hack 32M Accounts

Yahoo hacked data on sale on the Dark Web

A brand new Yahoo hack has come to light recently, revealed by the company in its annual report. According to the report, 32 million accounts were hacked into using what is known as a cookie forging attack. Yahoo said in its report that it may have been carried out by the same “state-sponsored actor” responsible for the massive cybersecurity breach in 2014 that affected 500 million accounts.

The cookie forging attack used in this newly revealed Yahoo hack is a devious method to login to your account by tricking your browser into thinking you’re still logged in. Rather than breaching your password to gain access, the actor simply forges a token on your browser to achieve the same result.

A forged cookie acts like a digital key, allowing the hacker easy access to an account via the browser rather than the application itself.

The report also says that the company has invalidated these forged cookies to prevent the attacker from gaining access to the affected user accounts.

Surprisingly, Yahoo actually revealed the cookie forging activity in December 2016, but the issue seems to have been overshadowed by revelation of the 2013 breach in which 1 billion user accounts were infected.

In February, Yahoo started warning these 32 million users about their accounts being compromised by the cookie forging attack.

As of now, the forged cookies have been invalidated, but Yahoo believes that the hackers could have already stolen a significant amount of data from these accounts, including email addresses, names, hashed passwords, phone numbers, dates of birth and even, in certain cases, encrypted and unencrypted security questions and answers.

As reported earlier, Yahoo CEO Marissa Mayer has already given up her bonus for last year and equity reward for 2017 (a total of $14 million), and top lawyer Bell has resigned over the breaches.

The sale of assets to Verizon will still go ahead during the second quarter of 2017, but at a discount of $350 million related to existing liabilities for the Yahoo hack. Future liabilities that may arise are being shared by both companies.

Thanks for reading our work! Please bookmark to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.