Yahoo has had a tough time lately. Over the past few months, the company has confirmed massive cyberattacks that happened in 2014 and 2013.This affected more than 500 million and 1 billion user accounts.
Well, Yahoo has now confirmed another cyberattack. It was a cookie-forging attack and it left more than 32 million accounts breached. We don’t have a lot of details right now but it’s believed to have taken place between 2015 and 2016. So things are not great at Yahoo.
An investigation by the U.S. Securities and Exchange Commission is now underway and Yahoo thinks that this attack could have been linked to the 2014 attack in some way. The attack that left 32 million accounts compromised was made possible by using a sophisticated attack vector that used forged cookies to access user accounts. Yahoo’s SEC filings reveal that it invalidated the forged cookies soon after they were discovered.
Of course, the SEC promised to look into the hackings after reports emerged suggesting that Yahoo had ample knowledge of the situation to disclose the cyberattack to investors in 2014. The agency also concluded that some top executives failed to “properly comprehend or investigate” the full extent of the breach. Again, the company’s legal team had enough information to open an inquiry. Yahoo just can’t get a break, but they made it worse by keeping quiet.