Poor Yahoo. They were already involved in a data breach that compromised over a billion user accounts. Now there’s been another, new hack that they kinda sorta quietly let people know about two months ago.
The latest attack was disclosed in a statement Yahoo released in December, but it was mostly overlooked because it was also talking about the August 2013 attack. The latest attack was announced with this line:
Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.
You might be wondering, “What is a forged cookie?” As many people know, a cookie stores browser information. The best example is the checkbox you probably use all the time when logging into a website that tells the website to keep your logged in or to remember the login information. A forged cookie simply tricks the browser into thinking an account has already logged in.
It’s currently unknown how many Yahoo accounts were affected by this latest hack.