We recently commented that the sale of Yahoo which will occur with a discount of 250 million dollars due to the security problems they have had in the past, two hacks that managed to break records in the list of “filtered data”. Now comes another negative news from the company about the third hack that has occurred.
Yahoo is warning some of its customers that state sponsored attackers have been logging into their accounts using a system of forgery of cookies, a system that does not require the acquisition of passwords.
The company has informed Zdnet via email that outside experts have been investigating the creation of forged cookies that could allow an attacker to access user accounts without a password, something that was used during 2015 or 2016 to access multiple accounts. From Twitter other users have confirmed the receipt of similar emails warning about the invasion.
— Joshua B. Plotkin (@jplotkin) February 15, 2017
It is not yet known how many clients have been affected, since the note has not been public. Although everything seems to indicate that the number has not been great, since in the attacks sponsored by the state we do not usually speak of large numbers.
If we consider that in September the theft of 500 million records was announced, and in December it rose to 1 billion, the highest in history, this third hack does not seem to have much importance, since virtually all Yahoo accounts have been invaded at some point in history.
Of course, after learning of the attacks Yahoo invalidated the cookies effectively blocking the attackers.
It seems that Yahoo’s security problems does not stop, hopefully when they are in new hands they will stop the avalanche.