Yahoo warns customers of further breach

Yahoo warns customers of further breach
© Getty Images

Yahoo issued a new warning to some users on Wednesday, indicating that their personal information may have been compromised in a data breach revealed by the company last year.

“Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account,” the alert, first reported by the Associated Press, read.

The notification is said to be tied to the company’s ongoing investigations of a massive breach reported in September. 

Yahoo revealed in September that sensitive data associated with at least 500 million accounts had been stolen in late 2014, attributing the breach to a “state-sponsored actor.” 


In mid-December, the company disclosed that another security breach dating back to August 2013 had compromised as many as one billion accounts. Affected users were at risk of having their names, email addresses and passwords stolen by an “unauthorized third party,” Yahoo said. 

“As we have previously disclosed, our outside forensics experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” a Yahoo spokesman told AP on Wednesday.

“The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders,” the spokesman said.

Earlier Wednesday, Bloomberg reported that Verizon Communications Inc., which has agreed to purchase Yahoo Inc., is eyeing a lower price for the company following the breaches. Verizon reportedly wants to knock roughly $250 million off the $4.8 billion price tag.

The new disclosure from Yahoo follows a letter sent by two Republican senators last week demanding the company provide more information about the data security breaches.