Yahoo on Wednesday warned its users about malicious hacks that are linked to a third data breach the company announced last year. The hacks are said to have been pulled off via “forged” cookies, text files used to give website users access to login information without the need to re-enter it.
The warning relates to more recent malicious activity targeting accounts between 2015 and 2016, most likely perpetrated by a “state actor”, according to Yahoo. Specifically, the hacks are said to have been achieved by using “forged” cookies – the text-based keys that give web users access to username and password information without having to re-enter it – created by software stolen from within Yahoo’s internal systems.
While the Internet service warned users about the unauthorized access to their account, it did not disclose how many users had been affected.
Verizon Lowering Offer
Meanwhile, Verizon is said to be close to a renegotiated deal to purchase Yahoo’s core assets at a lowered price. Last year the wireless carrier agreed to buy the online service’s assets for $4.83 billion. However, Bloomberg, citing “people familiar with the matter,” reported on Wednesday that Verizon would be lowering their offer by around $250 million, due to the security breach revelations.
In addition to the discount, Verizon and the entity that remains of Yahoo after the deal, to be renamed Altaba Inc., are expected to share any ongoing legal responsibilities related to the breaches, said the people, who asked not to be identified discussing private information. An announcement of the new agreement could come in a matter of days or weeks, said the people. The revised agreement isn’t final and could still change, they said.
SEC Investigating Yahoo
The Securities and Exchange Commission is currently investigating Yahoo over its failure to disclose the massive data breaches sooner than it did.
Senator Mark Warner had requested that the SEC investigate what Yahoo knew about the breach, and when it learned about it, saying: “Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public.”