Yahoo Reveals More User Accounts Were Hacked, Hours After Renegotiating Verizon Deal

Tyler Durden's picture

Yahoo's timing once again leaves much to be desired.

Just hours after Bloomberg reported that Verizon is finally close to a renegotiated deal for Yahoo! Inc.’s internet properties that would reduce the price of the $4.8 billion agreement by about $250 million after the revelation of security breaches at the web company, Yahoo issued another warning to users, advising them their accounts may have been compromised by "potentially malicious" activity on their accounts between 2015 and 2016.

An email from Yahoo forwarded to ZDNet said: "Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account."

It was the latest development in the internet company's investigation of a mega-breach that exposed 1 billion users' personal data including email addresses, birthdates, and answers to security questions, several years ago.

In a statement, Yahoo tied some of the potential compromises to what it has described as the "state-sponsored actor" responsible for the theft of private data from more than 1 billion user accounts in 2013 and 2014.  As AP adds, it was not immediately clear how many users were affected by the malicious activity, which involved the use of forged cookies, or strings of data which can be used to allow people to access online accounts without re-entering their passwords.

A message sent to an Associated Press reporter earlier Wednesday said that, "based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account."

Yahoo said in a statement issued Wednesday that its investigation "has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders." Since the company has declined to say how many people were potentially affected, it is safe to assume that the number is substantial.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
froze25's picture

Well as long as I can go to their home page every freaking day and see a "News" headline that bashes Trump and praises Obama, I will be ok. You would think that Google and MSN (bing) would also have the same security issues but they don't what gives? I am also surprised since they have a woman CEO and as we all have been told they are simply the best at .... well everything. Maybe they need a Lesbian of Color to right the ship.

YouJustMadeTheList's picture

HRC should have just used YAHOO for Dept of State correspondence... It would have probably been safer and kept those Russian hackers off the scent.

froze25's picture

One thing to always to remember, the best hacks aren't discovered so who the hell really knows what is out there.

Son of Loki's picture

Yahoo is 90% Fake News these days. Their news section is not worth reading.

SILVERGEDDON's picture

The bigger retards work at Verizon  - you know, the fucking retards who made the call to buy the Yahoo ditch pig.

dot.dot's picture

The decline of Yahoo's content & security went to complete shit (from so-so) after that brain-dead, affirmative-action female was given the CEO gig a few yrs back.  The first thing this stupid twat did was "no more work-from-home" for the staff.  I was a career IT guy and I know the demands of that kind of work.  It is not 9-5 kind of stuff.  So working from home helps make those 2 am pages/calls (b/c something is broke and require immediate attn) more palatable.  IT people, for the most part, do not require direct supervision or baby-sitting (most are very bright and take pride in their work (mostly white/asian males)).  Seeing how this woman was not of an IT background she thought she knew better.  Since then multiple massive security problems and the quality of the their once pretty good finance site went to complete shit.  No doubt the competent IT guys (prolly zero women and dindu's) left to keep their sanity.

FreedomGuy's picture

Yahoo has been going steadily downhill, year by year and section by secton. I remember when they redid the Auto section which I liked. I thought to myself, "This is now designed by a 2 year old who does not even drive or like autos." Finance got worse and the ads went crazy.

The news is obviously done by young millenial leftists who also get the first posts in each article.

I would switch but so many other accounts are tied to your primary email account it is probably harder than changing your bank.

However, I need to do some research on other emails and general news sites. I will not miss fake-news Katie Couric, either.

Son of Loki's picture

The IT guy above is 100% correct. When I was doing some very basci DBA work, the company hired a "project manager" to look over our shoulders (there were 3 of u). She would interfere almost every freaking hour and ask dumb questions. I finally asked what her background was and incredibly, she was a PE major! Almost ZERO experience in data base work.

Everyone finally quit it got so bad and we all went elsewhere.

Many of these companies have upper management that don't have a clue about the actual worl. the doctor neighbor tells me it's the same with hospitals where the hospital administrator tells the nurses and doctors how to do their work despite them being clueless about medicine and health care.

dot.dot's picture

Your story made me chuckle since it hit home.  I recall when the company I was working for fell for the whole "Project MGR" fad.  The PM's were the least intelligent people on the floor.  All were completely clueless and wasted everybody's time w/ their retarded 'Project Update Meetings.'  And b/c they had the word 'mgr' in their title they were paid a bit more.  Does it make sense to pay some dipshit the same or more than CISSP's, DBa's and CCIE's.  The fad finally played-out when it came time to cut staff spending to the bare minimum.  The PM's added zero value so they were DX'd.

dot.dot's picture

Switching email accts is not too painful.  I had finally has ENOUGH a few months ago and forced myself to switch from yahoo to google (I can be a bit lazy).  Simply setup a gmail acct and then search on how to migrate from yahoo mail.  The instructions are pretty straight-forward and even provide pictures of the various tabs (gmail def wants the new business).  It took me about 45 mins while watching the Price is Right to jump through all the hoops and check the correct tabs.

No email is secure from gov agencies snooping -NONE.  So might as well use gmail since their interface is cleaner (IMO) than yahoo and you are sending a msg yahoo's way that you've had enough of their BS.

ZeroPoint's picture

I remember back in the early 2000s, when Yahoo had open message boards attached to every news article. You could say WHATEVER you damn well pleased. You didn't even need an account, you just typed your 'username' in a text field. It was the funniest, most entertaining thing I ever experience on the internet. People would scream on threads "REPORTED!!!!!" and those reports went exactly nowhere. It was fantastic.

Compare that today, where you:

* Cannot create an account without a working cellphone number.

* Your comment is almost instantly deleted because they changed the reporting tolerance down to nothing

* There are armies of contracted idiots to immediately report your comments if it goes against 'liberal values'.

* Any article where the main subject is a liberal cause like blacks, illegals, gays, etc, they don't even have a comments section.

It was nice when it lasted. For those who remember: "I JACKED OFF IN A LIBERAL'S SALAD!"

 

http://www.ld-software.co.uk/modules.php?name=Yahoo-MM&page=Yahoo_trolli...

justdues's picture

My Yahoo account was hacked in 2015, hav,nt been able to access it since . How the hell are Yahoo going to inform me my accout "may" have been hacked ? Write me a f**king letter ?

Totally_Disillusioned's picture

Notice how libtard Yahoo and FaceBook have been hacked?  Message to all the fools who post on these sites...proceed at your own risk.

Umh's picture

How is posting to Yahoo going to put you at risk? Is someone going to hack an account and then get you in trouble with the NSA?

On the other hand years ago when I first created a Yahoo account I quickly began getting spam emails to an email address I never used.

Joe Davola's picture

There are 2 kinds of sites - those that have been hacked and those who are going to be.

And then there's the "legal" hacking of all data done in the name of providing security to all!

angry_dad's picture

dam those russians, they did it again

RogerMud's picture

Yahoo might do better if they just delete all of the user accounts.

A. Boaty's picture

Really nice

lava lamp.

No, wait! Purple! Arrrrgh!

Dollar_Store_Confucius's picture

I thought that was her "personal massager."

moorewasthebestbond's picture

This is what happens when men (if there are any left) allow women outside of the kitchen and the bedroom.

Hohum's picture

Amusing.  Here's hoping your life is a big success.  Can't help thinking, though, that 9 out of 10 people who write something like that are heating a can of baked beans on the stove for dinner tonight and watching a movie solo.

sessinpo's picture

Unfortunately, the modern woman doesn't cook either. Times have changed.

moorewasthebestbond's picture

For sale: corrupt database decades of crap analytics and crap user profiles.

 

Sold to Verizon!

HRClinton's picture

As you know, I learned the hard way.

My private email server is now in Switzerland.  Protonmail.  Encrypted, and affordable even for me.

Forget you, Wikileaks!