Just weeks after disclosing a 2013 security breach which exposed 1 billion of user accounts, Yahoo has to share bad news once again. According to an email which the company has been sending to its users since Wednesday, an unknown number of accounts might have been compromised – another time.
In the aforementioned email, Yahoo informs its users that “[Yahoo's] outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, [Yahoo believes] a forged cookie may have been used in 2015 or 2016 to access [users' accounts].”
A spokesperson for the company confirmed to ZDNet that the emails are genuine and explained that Yahoo is in the process of notifying all potentially affected account holders.
Yahoo and its many security issues
Yahoo is definitely having a hard time protecting its users from data-theft. Back in October 2016, three former employees of the company admitted to mass email spying for the US government. They revealed a secret Yahoo program which searched through millions of emails on behalf of the United States government.
This was adding up to the 1 billion hacked user accounts that were compromised in 2013 already. According to their own security experts, that attack had been carried out by a foreign government.
How the newest data-breach related to forged cookies might affect the planned acquisition of Yahoo by Verizon, still remains to be seen. Back in July 2016, the global communications & technology giant announced it had agreed to buy Yahoo's operating business for $4.83 billion. However, due to the recent controversies, the company lowered its price by $250 million earlier this week.
In the past, it was suggested that Verizon could leave the deal. Such a decision would likely mean Yahoo would need to be sold or risk going out of business entirely.