Yahoo: 32 million accounts accessed using 'forged cookies'
Allows intruders to use without password
Published: 3 hours ago
(Reuters) Yahoo Inc, which disclosed two massive data breaches last year, said on Wednesday that about 32 million user accounts were accessed by intruders in the last two years using forged cookies.
The company said some of the latest intrusions can be connected to the “same state-sponsored actor believed to be responsible for the 2014 breach”, in which at least 500 million accounts were affected.
“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo said in its latest annual filing.
These cookies have been invalidated so they cannot be used to access user accounts, the company said.
Read more at http://mobile.wnd.com/2017/03/yahoo-32-million-accounts-accessed-using-forged-cookies/#5XtLuc3qlB4pTEmF.99