The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: cookie reuse attack

Yahoo Reveals 32 Million Accounts Were Hacked Using 'Cookie Forging Attack'

Yahoo Reveals 32 Million Accounts Were Hacked Using 'Cookie Forging Attack'

March 02, 2017Mohit Kumar
Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password. These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in last few months. The former tech giant said that in a regulatory filing Wednesday that the cookie caper is likely linked to the "same state-sponsored actor" thought to be behind a separate, 2014 data breach that resulted in the theft of 500 Million user accounts . "Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," Yahoo said in its annual report filed with the US Securities and Exchange Commission (SEC). "The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken
Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack

Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack

February 16, 2017Mohit Kumar
Has Yahoo rebuilt your trust again? If yes, then you need to think once again, as the company is warning its users of another hack. Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts . Well, it's happened yet again. Yahoo sent out another round of notifications to its users on Wednesday, warning that their accounts may have been compromised as recently as last year after an ongoing investigation turned up evidence that hackers used forged cookies to log accounts without passwords. The company quietly revealed the data breach in security update in December 2016, but the news was largely overlooked, as the statement from Yahoo provided information on a separate data breach that occurred in August 2013 involving more than 1 billion accounts. The warning message sent Wednesday to some Yahoo users read: "Based on the ongoing i
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.