Ramblings of an old Doc
forged cookies used to access accounts
Published on February 16, 2017 By DrJBHL In Personal Computing


This just in via our Canadian correspondent Hankers:

Yahoo has been contacting some of its users to warn them that their accounts have been compromised using "forged cookies". It's the latest security embarrassment for the company, which revealed in September that it had suffered a data breach two years earlier that affected 500 million user accounts; and admitted in October that a second security incident had affected around a billion accounts...

"The investigation has identified user accounts for which we believe forged cookies were taken or used," a spokesperson for the company said. "Yahoo is in the process of notifying all potentially affected account holders."

It's not yet clear how many people have been targeted, but Yahoo said that it began sending out the warnings to users on Wednesday. As with the 2014 breach that it disclosed in September, the company is claiming that "state-sponsored" parties are behind the latest attacks.

Yahoo confirmed to ZDNet that the emails sent to those customers are genuine. It explained that hackers had stolen the source code that it uses to generate cookies, and that it had invalidated the cookies after learning of the latest attacks." - Yahoo


So, if you receive an email from Yahoo, it's valid. I would change my password (regularly) but, the forged cookie has been invalidated, in the meantime, by Yahoo.



http://www.zdnet.com/article/yahoo-warning-users-that-hackers-forged-cookies-to-access-accounts/ - original notification.



on Feb 16, 2017

Cookie monster.

Thanks for posting, Seth.

on Feb 17, 2017


Cookie monster.

And I thought he was only on Sesame Street. Must have graduated.

Thanks again for the heads up Doc.

on Feb 17, 2017

And they want to go electronic instead of dollars.