There just doesn't seem to be an end to Yahoo's reports of data breaches. The company has revealed yet another massive breach that affected 32 million accounts. These accounts are in addition to nearly 1.5 billion accounts that were affected by two data breaches that the company disclosed last year. The latest breach that affects 32 million accounts is the same attack that Yahoo had revealed earlier in February, but hadn't disclosed the number of accounts that were affected by it.
"We are writing to inform you about a data security issue that involves your Yahoo account," Yahoo had said in a notification sent to its users. "Our outside forensics experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 and 2016 to access your account."
Yahoo reports its third mega breach in 6 months
Reuters is now reporting that the company has said in its latest filing that about 32 million user accounts were accessed by intruders in the last two years using forged cookies. Previously, Yahoo hadn't disclosed the number of accounts that were affected by this particular breach. Similar to the last two mega breaches, Yahoo is again blaming an unnamed state for sponsoring the attacks.
“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo said in its latest annual filing.
Yahoo assured that it has now invalidated those cookies so they can no longer be used to access user accounts.
Yahoo said some of the latest intrusions using forged cookies can be connected to the "same state-sponsored actor believed to be responsible for the 2014 breach." The 2014 breach had affected at least 500 million accounts.
Marissa Mayer won't receive any cash bonus
The company also said that it would not be awarding CEO Marissa Mayer a cash bonus for 2016, following the independent committee's findings into the 2014 security incident. "Mayer has also offered to forgo any 2017 annual equity award as the breaches occurred during her tenure," Reuters reported.
Mayer said in a statement she didn’t become aware until September that a "large number of our user database files had been stolen" in 2014. Previous reports had suggested that Yahoo employees knew about the damning breach ahead of its public disclosure in September, last year.
Separate reports confirm that Yahoo’s general counsel, Ronald Bell, also resigned on Wednesday after working at Yahoo for 17 years.
All of these breach disclosures came when Yahoo and Verizon were closing an acquisition deal. Following the first two reports, Verizon was expected to ask for a huge discount. In response to the growing security concerns and new breach reports, Verizon revealed last month that it was cutting $350 million from its acquisition price, bringing it down to $4.48 billion.
