According to a new announcement by Yahoo, a huge amount of users are being infected through unauthorized access into their personal accounts. According to Yahoo’s survey check, approximately 32 million users have been directly effected through a yahoo cookie forging hack which does not require any password authorization for the intruder.
This number of affected user accounts comes in a separate batch from those accounts that Yahoo made public in the previous couple of months. Two major breaches into Yahoo’s data were brought to the knowledge of all users in the past two months.
Yahoo when commenting upon the Yahoo cookie forging Hack, told that the incidents have yet not formed a clear picture for them but these activities can be tracked back to the state-sponsored actor. A similar breach took place around 3 years ago which directly affected half a billion user accounts.
Yahoo has made an official statement in the yearly report submitted at the SEC (American Securities and Exchange Commission) which states that “Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies”. It was also mentioned by the company’s officials that- “The outer Forensic department heads have reported about around 32 million Yahoo user accounts that came under the effect of forged cookie hack process through the past two years. We are pretty sure that this work has been carried out by the similar state-funded actor which is carried out a similar activity back in 2014”.
A regular computer or email account user would be completely unaware of the term. “Forged Cookies” is a term that refers to certain digitally validated keys which have the ability to allow intruders an access into user accounts without having to enter that certain account’s password again. In this case, the intruders do not replicate the passwords but they make the browser believe that the account had already been logged in by the original user a little while ago and it is supposed to remember the password. This is done by replicating little browser security items called cookies.
Yahoo brought the cookie caper on to the big screen at the end of last year but the announcement could not get the publicity it should have gotten. The main reason being Yahoo’s explanation in it regarding an independent data breach from 3 years ago which involved an infection of 1 billion Yahoo user accounts.
At that time, the company told in statement that the intruders might be using fake or stolen user ids, email ids, hashed passwords, contact numbers or the date of birth users enter at the time of account verification. In some rare cases, the hackers also forged user security questions for their own good.
When Yahoo got to know about the details on these harmful activities, their first concern was to warn all their customers of the threat of yahoo cookie forging hack. They told the customers about how multiple state-powered intruders have been getting into their user accounts by using the yahoo cookie forging hack.
But the good news from all this information is that Yahoo, after the incidents happened, has made all the forged cookies invalidated in their system and they cannot be used to access user accounts anymore.
Yahoo CEO Marissa Mayer Losing her Yearly Bonus:
After the incidents regarding yahoo cookie forging hack took place and affected hundred millions of users, the CEO of Yahoo decided to let go of her yearly bonus in return for the loss. The bonus was calculated up to $2 million alongside all kinds of equity rewards from 2017 having an approximate worth of $12 million when it comes to stocks. All this was done by Marissa Mayer, the CEO of Yahoo to make up for the user account hacks that happened in her time at Yahoo.
She stated in her official statement about the incident:
“When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies,” Mayer wrote in a note published Monday on Tumblr.”
“However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.”
Apart from these actions from the CEO, Ronald Bell who was the general counselor and Secretary at the organization also put forth his resignation on the following Wednesday when Yahoo made it public that senior officials and law related staff of the company had knowledge of the activities being done by state-powered exploiters.
Multiple incidents like the Yahoo cookie forging hack have taken place in the past few years and this has given rise to an increased sense of distrust from the users towards Yahoo accounts. As a result, both Yahoo and Verizon Communications have reached terms to decrease the prices of their near future acquisition deal down by $3.5 million. $3.5 million as a result of 2 major data breaches.
Initially the deal had to be done at a set price of $4.8 billion which has been brought down to around $4.48 billion.