Yahoo issues new warning of potentially malicious activity on accounts

2May - by Pax_tan - 0 - In News

Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest in a string of cybersecurity problems faced by the technology company.

Hacking your Taxes You’re a contractor and people are paying you to work in your pajamas. It’s a life of luxury, but when tax time comes, you are in a world of hurt and you wonder why you even do it. Taxes are tricky, but there are some tools you can use to make it less painful on your pocketbo...

The measure comes two months after the company revealed that data from more than 1bn user accounts had been compromised in August 2013, the largest such breach in history. The number of affected accounts was double the number implicated in a 2014 breach the internet company disclosed in September and blamed on state-sponsored hackers.

Yahoo believes that the cookie-forging activity is linked to the same state-sponsored hackers, although the company would not name the state. Security experts have pointed to Russia and China as the usual suspects for these kinds of attacks, although some have questioned whether Yahoo would be a target.

It is not clear how many user accounts are affected by the malicious activity announced Wednesday, although a Yahoo investigation has revealed that it involved the use of forged cookies, which can be used to access people’s accounts without re-entering their passwords.

Yahoo told the Guardian that it first reported the cookie forging in a filing in November 2016 and outlined the issue in a security update in December 2016, although some users are only being notified this week.

A Yahoo spokeswoman said: “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”

Linux bug leaves 1.4 billion Android users vulnerable An estimated 80 percent of Android phones contain a recently discovered vulnerability that allows attackers to terminate connections and, if the connections aren't encrypted, inject malicious code or content into the parties' communications, researchers from mobile security firm ...

Notifications have been sent out to almost all affected users, although security investigations are still ongoing.

The news comes as reports suggest that Verizon is close to a renegotiated deal for Yahoo’s internet properties that would reduce the price of $4.8bn agreement by about $250m, following revelations about the company’s security breaches.

Leave a Reply

Your email address will not be published. Required fields are marked *