OMG, Yahoo Mail Attacked by Hackers using Cookies Again

Yahoo mail service users found out on Wednesday that some hackers used a technical trick with cookies to log into their accounts without keying in their passwords.

"Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account," Yahoo users were told in an email.

How does it work?

Instead of stealing your passwords, hackers trick a web browser into telling Yahoo that you'd already logged in.

To do this, hackers need to forge little web browser tokens called cookies.

How does it happen to you?

You use cookies whenever you log into a service and check that box that says "keep me logged in," or, "remember me."

Even if you close the window, you won't have to log back in because the cookie stored by your browser tells the service that you have already submitted your username and password.

Yahoo Reporting Affected Users

Yahoo said in a statement on Tuesday that it was notifying people that they were affected by this attack as it continued its investigation.

Yahoo's Statement on the Attack

"As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password," a Yahoo spokesperson said.

"The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders."

The statement also said Yahoo has invalidated the forged cookies.

Yahoo thinks the group behind the attack is the same group of hackers that stole user information from 500 million user accounts in 2014.
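
The "keep me logged in" cookie described above, sketched as an added example (not code from this article and not Yahoo's actual scheme): the server signs the cookie with a secret key so that a cookie minted without that key is rejected, and a per-account cutoff lets the service invalidate cookies already in circulation. The cookie layout, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real service keeps this in a secrets manager.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
# Per-account cutoff: cookies issued before this timestamp are rejected.
valid_after = {"alice": 0}


def _sign(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, now: int, ttl: int = 30 * 86400,
                 key: bytes = SERVER_KEY) -> str:
    """Build 'user|issued|expires|mac' for a 'keep me logged in' session."""
    if "|" in user:
        raise ValueError("separator not allowed in user name")
    payload = f"{user}|{now}|{now + ttl}"
    return f"{payload}|{_sign(payload, key)}"


def verify_cookie(cookie: str, now: int, key: bytes = SERVER_KEY):
    """Return the user name if the cookie is authentic and current, else None."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user, issued, expires, mac = parts
    expected = _sign(f"{user}|{issued}|{expires}", key)
    # Constant-time comparison; a cookie minted without the key fails here.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if not (issued.isdecimal() and expires.isdecimal()):
        return None
    if now >= int(expires):
        return None
    # Invalidation: reject anything issued before the account's cutoff.
    if user not in valid_after or int(issued) < valid_after[user]:
        return None
    return user


def invalidate_sessions(user: str, now: int) -> None:
    """Make every cookie issued to this account before `now` stop working."""
    valid_after[user] = now
```

A signature check alone cannot revoke a cookie that already verifies, which is why the cutoff (or a key rotation) is needed to invalidate cookies after an incident.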