Yahoo Reveals More User Accounts Were Hacked, Hours After Renegotiating Verizon Deal

Yahoo's timing once again leaves much to be desired.

Just hours after Bloomberg reported that Verizon is finally close to a renegotiated deal for Yahoo! Inc.’s internet properties that would reduce the price of the $4.8 billion agreement by about $250 million after the revelation of security breaches at the web company, Yahoo issued another warning to users, advising them their accounts may have been compromised by "potentially malicious" activity on their accounts between 2015 and 2016.

An email from Yahoo forwarded to ZDNet said: "Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account."

It was the latest development in the internet company's investigation of a mega-breach that exposed 1 billion users' personal data including email addresses, birthdates, and answers to security questions, several years ago.

In a statement, Yahoo tied some of the potential compromises to what it has described as the "state-sponsored actor" responsible for the theft of private data from more than 1 billion user accounts in 2013 and 2014.  As AP adds, it was not immediately clear how many users were affected by the malicious activity, which involved the use of forged cookies, or strings of data which can be used to allow people to access online accounts without re-entering their passwords.

A message sent to an Associated Press reporter earlier Wednesday said that, "based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account."

Yahoo said in a statement issued Wednesday that its investigation "has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders." Since the company has declined to say how many people were potentially affected, it is safe to assume that the number is substantial.