Yahoo confirms 32M accounts hacked as CEO forfeits annual bonus in apology

According to the US Securities and Exchange Commission (SEC), more than 32 million accounts of Yahoo has been violated in cookie forging attack.

Similar to the news in 2014 and 2013, 500 million and one billion accounts have been affected by two huge breaches. However, according to the news, this attack is linked to the previous attack as done in 2014.

The crime consists of advanced attack vector which is based on the cookie forgery for assessing the user’s accounts. According to the news, the cookie’s have not been validated.

According to Yahoo in SEC filling:

In November and December 2016, we disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the investigation, we believe an unauthorized third party accessed the Company’s proprietary code to learn how to forge certain cookies. The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016 (the “Cookie Forging Activity”). We believe that some of this activity is connected to the same state-sponsored actor believed to be responsible for the 2014 Security Incident. The forged cookies have been invalidated by the Company so they cannot be used to access user accounts.

As from the investigation, that was being conducted by the company in 2014, states that the company was able to mark out the  26 compromised accounts and the owners of the accounts have been notified.

According to the SEC, some of the seniors were not been able to investigate the attack properly as they should have to. SEC also claimed that the company legal team had enough information to re-inquire the case back in 2014.

According to the filing:

“The Independent Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident,”

Keeping in view, the developments in these cases, CEO of Yahoo, Marissa Mayer said in the Tumblr post that she is going to take responsibilities and avoid blunder in future.

She said she is agreed to abandon her annual bonus and equity grant so that the hard working employee of the company should be supported well.

- Advertisement -
b4c58c5edf797ff99fcca559f7ac9651?s=96&r=g - Yahoo confirms 32M accounts hacked as CEO forfeits annual bonus in apology
Muhammad Irfan Raza
Irfan Raza is Editor at TechWafer covering Everything about Apple including Mac, iPhones, iMac, iMac Pro, MacBook, and How-tos.

Recent Articles

Tecno Spark 6 Review:

Tecno is taking our lower-end smartphone segment with phones like Spark 6. It is an all-in-one device for gamers and battery enthusiasts in the...

vivo Launches Y20 with 5000mAh Battery, Triple Macro Camera and Side Fingerprint

vivo, the leading global smartphone brand, today announced the launch of its latest mid-range smartphone, the Vivo Y20 in Pakistan. vivo Y20 with 5000mAh Battery,...

OPPO launches Enco W51 headphones loaded with exciting features

Hoping to connect users' lives in a smarter way, OPPO launches a new entrant as part of its IoT strategy – OPPO Enco W51....

realme C17 launched with 90Hz Display, 6GB RAM and 128GB Storage

realme has finally launched the most affordable realme C17 with 6 GB + 128 GB large storage & 90Hz ultra-smooth punch-hole display at an...

HUAWEI Y9a – the Midrange King Goes on Sale across Pakistan Today

The HUAWEI Y series continues to exceed expectations of young consumers all over Pakistan. It is touted as a worthy digital companion that flouts...



Leave A Reply

Please enter your comment!
Please enter your name here