Yahoo notifies users about 'forged cookie' security breaches and it could cost the company millions
Yahoo -- or, rather, its users -- have not been doing very well recently when it comes to security. Having already revealed details of a huge historic attack that led to the theft of details for millions of accounts, Yahoo is now notifying an unknown number of users that their accounts may have been breached by hackers using forged cookies.
At the same time, Bloomberg is suggesting that the impending deal with Verizon has been renegotiated. The latest revelations coupled with the previous security issues could have just cost Yahoo $250 million.
As noted by HelpNetSecurity, news of this particular security breach is not exactly new as it was included in an SEC filing in November. However, it was somewhat overshadowed by the news of the larger breach, and therefore went largely unnoticed. But alerts are now only just being sent out to users who may have been affected by the attack which dates back to "2015 or 2016".
In the alert, Yahoo says:
Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the on-going investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.
It remains to be seen what Yahoo intends to do to bolster its security, but in the meantime a report from Bloomberg says that the company's security issues have resulted in a renegotiated deal with Verizon that slashes $250 million off the price. Bloomberg also says:
In addition to the discount, Verizon and the entity that remains of Yahoo after the deal, to be renamed Altaba Inc., are expected to share any ongoing legal responsibilities related to the breaches, said the people, who asked not to be identified discussing private information. An announcement of the new agreement could come in a matter of days or weeks, said the people. The revised agreement isn’t final and could still change, they said.