Yahoo has revealed more details about the large hacks against its users’ accounts, saying hackers may have been able to user a maneuver to break into accounts without stealing passwords.
Last year Yahoo announced that an estimated one billion of its users had their accounts breached, which, according to Yahoo, involved forging of ‘cookies’ or files used to authenticate users when they log into their accounts.
The investigation into the hacks is in the final stage, AFP reported. Yahoo is said to be in the final stages of sending out notifications to the list of compromised account owners. A Yahoo spokesperson said the company was notifying all potentially affected users and said the forged cookies have been “invalidated”.
“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” said Yahoo in a statement. “The investigation has identified user accounts for which we believe forged cookies were taken or used.”
The company broke the news in September last year that in 2014 hackers stole personal information from more than 500 million of its users’ accounts. Yahoo then revealed another attack in December last year, this one dating back to 2013, which affected more than a billion users.
The data breaches have been a major setback for Yahoo which was a leading internet company, especially since it is currently in the process of selling its core operations to US telecoms giant Verizon for $4.8 billion. Following the disclosure of the hacks, reports say that Verizon and Yahoo have come to an agreement to discount the price by $250 million to $300 million.