Discovered that Yahoo was hacked again

ByKārlis Dambrāns

Yahoo.com(Yahoo)In September 2016 that more than 500 million user account information was stolen from its databaseAnnouncement, In December the same year another user account information of 1 billion people was stolen as a separate caseAnnouncementDid. Yahoo just revealed that he had received two hacks in the past, Yahoo has found that a trace of new hacking has been found that the user account information was spilling further.

Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack
http://thehackernews.com/2017/02/yahoo-hack.html


When Yahoo conducted an internal survey, a hacker logged in to the account without a password, so a trace found using forged cookies was found. From here, it is assumed that there is a possibility that the user's account information may be leaked in the same way as the two damage detected in 2016, a warning message is sent to the possibly user. In the warning message sent to Yahoo users, "According to a survey currently in progress it is possible that cookies forged have been used to access your account in 2015 or 2016" It is said that it is.

The number of Yahoo users who sent the message is unknown, but this seems to be related to the issue "Yahoo scanned contents of mail without permission" which was talked about in October 2016. Yahoo is requested to build a system that scans all accounts of Yahoo mail from government agencies in 2015 and accepts this request. Yahoo is said to have laid a backdoor to its mail server to scan mail, and in the hacking damage discovered this time, "It is confirmed that it is affected by this vulnerability"The Hacker NewsI'm reporting.

Yahoo found out that the content of the mail was scanned without permission - GIGAZINE


In order to log in to various services existing on the Internet, check boxes such as "keep login state" and "login information" are displayed. When this is checked, the cookie saved by the web browser will inform the online service side of the user name and password, so even if you turn off the PC or close the browser, you will be logged in to the account again You no longer need it.

In Yahoo's hacking damage discovered this time, hackers use "counterfeit Cookie" to steal personal information from accounts whose password is unknown. Instead of stealing passwords, hackers have felt that web browsers are "already logged in" as "counterfeit cookies" and steal personal information.

ByLogan Ingalls

A Yahoo spokesman said, "As previously disclosed, external experts who requested cooperation are investigating counterfeit cookies that an intruder may have accessed a user account without a password. According to the survey, the user account that the counterfeit cookie is supposed to have been used has been identified, and the owner of the account that may have been affected is notified accordingly. "

In addition, due to deteriorating business results, the sale of net business for a long timerumorAlthough it is Yahoo in the United States being done, although it is approaching an agreement with Verizon of communication, "The bought amount can be lowered by 250 million dollars (28 billion yen) by the discovery of a hacking problem"Bloomberg reportedis.