After revealing last year that over a billion of its users' accounts had been hacked in two separate occasions, Yahoo just revealed another hack, involving some 32 million accounts that have been accessed by intruders over the past two years.
Reuters reported that the accounts were compromised using forged cookies. Yahoo is said to be in disbelief that the accounts were accessed by the "Same state-sponsored actor believed to be responsible for the 2014 hack." About 500 million accounts were hacked in the 2014 attack.
"Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," said Yahoo in its latest annual filing.
In an effort to diffuse the situation, Yahoo announced that it would not award CEO Marissa Mayer a cash bonus for 2016 due to the findings of an independent committee's research into the 2014 security issues. The CEO has also offered to pass up any 2017 annual equity award due to the data breaches.
In September of last year, Yahoo confirmed that 500 million user accounts had been breached during a hack in late 2014. In addition, Yahoo announced in December of last year that another 1 billion accounts were accessed in a data breach that occurred all the way back in 2013.
All of the controversy is happening just as Yahoo is being acquired by US telecoms giant Verizon which is purchasing its core internet business. Because of the security concerns, Verizon revealed last month that it was cutting $350 million from its acquisition price bringing it down to $4.48 billion. The acquisition is expected to close in the second quarter of 2017.