32 Million Yahoo Accounts Were Accessed Using Forged Cookies

Last year Yahoo disclosed two major data breaches within its network which affected billions of users worldwide. These two separate breaches came to light, while Yahoo was finalizing its deal with Verizon and as a result Verizon lowered its original offer by $350 million.

In an official statement yesterday, Yahoo shared some of findings from an independent committee. The company said that an unauthorized third party accessed its proprietary code and learned how to forge certain cookies.

As a result about 32 million user accounts were accessed by intruders in the last two years using forged cookies. These cookies now have been invalidated so they cannot be used to access user accounts.

These forged cookies allowed the intruders to access a user’s account without a password and once they get inside they can read all the emails, private information and financial data.

The company further said that some of the latest intrusions can be connected to the “same state-sponsored actor” responsible for previous attacks. This state actor is believed to be tied to Russia and China. Yahoo also blamed, unnamed senior executives who failed to grasp the extent of the breach early enough.

Marissa Mayer Loses Bonus, still Gets Enough:

Yahoo would not award Chief Executive Marissa Mayer a cash bonus for 2016, following the findings related to the 2014 security incident. Furthermore Mayer has also offered to renounce any 2017 annual equity award as the breaches occurred during her tenure.

According to CNN, Mayer has received more than $162 million in salary and stock awards and is eligible for about $57 million in severance pay. So she could still exit Yahoo with around $219 million in the bank.