32 Million Yahoo Accounts Breached In Last Two Years

March 2, 2017 - Written By Dominik Bosnjak

Approximately 32 million Yahoo accounts were accessed without authorization in the last two years, the Sunnyvale-based Internet company revealed on Wednesday. Yahoo was specifically referring to account breaches conducted using forged cookies, which allowed intruders to access user accounts without a password by tricking Yahoo’s systems into treating them as legitimate users.

Yahoo said that the aforementioned breaches are directly connected to the 2014 hacking attack that compromised 500 million of its users. The company’s last financial report contained a claim that the 2014 data breach was sponsored by a foreign state, adding that an unknown actor managed to access its proprietary code and identify a method of forging cookies for Yahoo’s services. The company based those conclusions on an internal investigation that was conducted in recent months but didn’t elaborate on the matter. However, the forged cookies responsible for 32 million account breaches in the last two years have all been invalidated and cannot be used again, Yahoo promised. The company’s latest statement didn’t suggest that the account breaches based on forged cookies are directly related to the 2013 data breach during which over a billion of Yahoo’s user accounts were compromised. That incident is the largest known hacking attack in history and still hasn’t been explained in detail, which is something that Yahoo was previously criticized for.

Due to the latest turn of events, Yahoo’s Chief Executive Officer Marissa Mayer won’t receive a cash bonus for 2016, the Sunnyvale-based firm said on Wednesday. Additionally, Mayer herself offered to waive any potential cash bonus for 2017 due to the hacking incidents that happened under her leadership, but it’s unclear whether the company’s board of directors will accept her proposal.

The company started warning users about potential account breaches conducted using forged cookies in mid-February but had until now refused to disclose the exact number of affected accounts. It’s unclear whether Yahoo decided to reveal the number of affected users due to pressure from the public, regulators, or Verizon, the largest wireless carrier in the United States that’s currently in the process of acquiring the company’s Internet business. While Verizon didn’t drop the idea of acquiring Yahoo’s core assets following the company’s set of scandals, the telecom giant did reduce its initial offer by $350 million and will now reportedly pay under $4.5 billion for Yahoo’s Internet unit.