Yahoo says 32m user accounts were accessed via cookie forging attack

Asha McLean reports:

Yahoo has said that an unauthorised third party accessed the company’s proprietary code to learn how to forge certain cookies, which it said resulted in an intruder accessing approximately 32 million user accounts without a password.

“The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016,” Yahoo disclosed in its annual report, filed with the US Securities and Exchange Commission (SEC) on Wednesday.

Read more on ZDNet.

In related news, read Kara Swisher’s report on Recode: Yahoo’s head lawyer is taking the fall for its hacking, while CEO Marissa Mayer is getting her pay docked

Kaufman County's data breach was their second one in three weeks
Hacking Formula 1: Accessing Max Verstappen's passport and PII through FIA bugs
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
Hotel and Casino near Las Vegas Strip suffers data breach, documents say

Related: