Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


The Yahoo Saga Continues: User Accounts Accessed Via Cookies

The Yahoo saga continues, as the company has again started notifying users of more malicious activities involving more user accounts. Apparently, attackers may have accessed user accounts via fake cookies instead of passwords. Unfortunately, the number of accounts accessed this way hasn’t been specified by Yahoo.

This may not appear surprising at all as it surfaced as a time when a series of breaches that involved Yahoo came to light. Still, the attack shouldn’t be underestimated as its implications may be more damaging than expected.

The first batch of notifications were sent to affected users in December last year, but as it appears this isnn’t the end of the saga.

Related: Yahoo Reports Another Billion Accounts Hacked

According to the US Securities and Exchange Commission filling the attackers that had access to Yahoo’s network in 2015 was actually state-sponsored. The attackers created fake cookies which enabled access to accounts without needing a password. Various account details could have been accessed as well. The incidents took place in 2015 and 2016. The cookies are now invalidated.

According to Jason Hart, Vice President and Chief Technology Officer at Gemalto, this news is both surprising and expected. He also adds that:

The company recommended that users consider adopting its Yahoo Account Key, an authentication tool that eliminates the need for a password. However, tools like this only work if the user remembers to activate them. Given the current security climate, all companies should have multi-factor authentication activated by default for all online accounts. Opt-in security is not an option in this day and age.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.