Yahoo announced Wednesday that potentially malicious activity may have impacted an unknown number of accounts in 2015 and 2016.
The breach is the third announced in the last year — a 2013 breach affecting up to a billion users was the largest data breach in history — and involved the use of fraudulent cookies, which can enable hackers to enter accounts without having the password.
Yahoo blamed state-sponsored hackers for this latest malicious activity and a 2014 breach announced in September, but would not name the country it thought was responsible, The Guardian reported.
Cybersecurity experts have suggested China and Russia as possible culprits but questioned why Yahoo would be a target of any state-sponsored hacking attempts.
Notifications were sent to affected users and the forged cookies were invalidated; they will not be able to be used again. Yahoo is continuing to investigate the breach and who might have been responsible.
Newsday reported this latest malicious activity has destabilized a deal in which Yahoo had planned to sell its email service, websites, and mobile apps to Verizon. If the deal does still go forward, the selling price might be decreased by about $250 million from the proposed $4.8 billion, The Guardian reported.
The cookie forging was first reported by Yahoo in a filing in November 2016 and was further outlined in a security update in December, but most users were only notified of the malicious activity this week, The Guardian reported.
© 2024 Newsmax. All rights reserved.