backtop


Print

Yahoo is notifying users of the fact that their accounts may have been compromised between 2015 and 2016. This new statement comes as the latest fall-out from stemming from the huge data-breach reported a few years ago.

Most Yahoo users were notified about the previous breach, but that was for 2013 to 2014 and included more than 1 billion user accounts. The user information that was stolen back then consisted of security questions, email addresses and birth dates. See my DailyTech article of September 23,2016.

Some users believe that if they were not using Yahoo around that period they are safe. But this new development expands the time-line to include 2015 and 2016. We still are not 100% sure of complete scope of information stolen, how many accounts were involved, or who is at risk. The only thing we can rely on at this point is that passwords need to be changed immediately if you have not done so already.

The new information centers around the use of “forged cookies”.  Cookies are messages that web servers pass to your web browser with when you visit a website. They are used to store information, customize a site to your preferences and track website activity.  Online shopping sites use cookies to store personal information and shopping cart information. Cookies provide the convenience of not having to re-type regularly entered information such as passwords.

Here is where the problem resides.  Yahoo sent a message warning users that an ongoing investigation uncovered a concern that a forged cookie may have been used to access user accounts in 2015 or 2016.




"And boy have we patented it!" -- Steve Jobs, Macworld 2007
Related Articles













botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki