Latest Yahoo Hack Bypasses Passwords

Poor Yahoo.  They were already involved in a data breach that compromised over a billion user accounts.  Now there’s been another, new hack that they kinda sorta quietly let people know about two months ago.

The latest attack was disclosed in a statement Yahoo released in December, but it was mostly overlooked because it was also talking about the August 2013 attack.  The latest attack was announced with this line:

Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.

You might be wondering, “What is a forged cookie?”  As many people know, a cookie stores browser information.  The best example is the checkbox you probably use all the time when logging into a website that tells the website to keep your logged in or to remember the login information.  A forged cookie simply tricks the browser into thinking an account has already logged in.

It’s currently unknown how many Yahoo accounts were affected by this latest hack.

image_pdfimage_print