Yahoo issues new warning in fallout from hacking
LONDON — Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016 — the latest development in the Internet giant’s investigation of a megabreach that exposed one billion users’ data several years ago.
Yahoo confirmed Wednesday it was notifying users that their accounts had potentially been compromised but declined to say how many people were affected.
In a statement, Yahoo tied some of the potential compromises to what it has described as the “state-sponsored actor” responsible for the theft of private data from more than a billion user accounts in 2013 and 2014. The stolen data included email addresses, birth dates and answers to security questions.
The catastrophic breach raised questions about Yahoo’s security and destabilized the company’s deal to sell its email service, websites and mobile applications to Verizon.
The malicious activity that was the subject of the user warnings revolved around the use of “forged cookies” — strings of data that are used across the web and can sometimes allow people to access online accounts without re-entering their passwords.
A warning message sent to Yahoo users Wednesday read: “We believe a forged cookie may have been used in 2015 or 2016 to access your account.”
Some users posted the ones they received to Twitter.
“Within six people in our lab group, at least one other person has gotten this email,” said Joshua Plotkin, a biology professor at the University of Pennsylvania. “That’s just anecdotal of course, but for two people in a group of six to have gotten it, I imagine it’s a considerable amount.”
Plotkin said he wasn’t concerned because he used his Yahoo email for messages that were “close to spam.”
Meanwhile, there were reports Wednesday that Yahoo is near a deal to lower the price of the sale of its core Internet business to Verizon by close to $300 million due to the hacking incidents. The original deal, announced last year, carried a $4.8 billion price tag.