Yahoo, one of the best-known names in technology, has claimed that its systems were breached by an unknown party that obtained Yahoo’s code, allowing the hacker(s) to forge cookies and gain access to more than thirty million Yahoo accounts without needing passwords.
“Based on its investigation, the Independent Committee concluded that the Company’s information security team had contemporaneous knowledge of the 2014 compromise of user accounts,” says the United States Securities & Exchange Commission in their report. “As well as incidents by the same attacker involving cookie forging in 2015 and 2016.”
Many security experts believe the forged cookies that are currently being used may have been hacked as early as 2015.
Yahoo disclosed its findings in a report it jointly created with the United States Securities & Exchange Commission, and further stated that the hack involved state-sponsored actors.
“As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted,” says Marissa Mayer through her Tumblr account. “When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies.”
The purple tech giant warned customers at the start of this year that hackers had been accessing their accounts using hacked code.
Furthermore, the company’s previous hacks are related to its current problems with the state-sponsored actor(s). Yahoo also stated that, in earlier reports published in 2014, senior members of the company failed to act to prevent further damage.
“I am the CEO of the company and since this incident happened during my tenure,” said the CEO and President of Yahoo, “I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus is redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.”
As a result, many high-profile employees, such as Marissa Mayer, won’t receive their yearly bonuses, while other members of the company have resigned.
“Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident,” highlights the report from the United States Securities & Exchange Commission. “The Independent Committee also found that the Audit and Finance Committee and the full Board were not adequately informed of the full severity, risks, and potential impacts of the 2014 Security Incident and related matters.”
Source: The Hacker News, Ars Technica, United States Securities & Exchange Commission
This article (Yahoo Says Over 30 Million Accounts Hacked by State-Sponsored Actor) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.