Last month, Yahoo started notifying people that it had discovered yet another account breach had occurred. Apparently a forged cookie attack had been used to access a new set of accounts over the past two years. At the time, it wasn't known how many accounts had been accessed, but now we know and it's in the millions again.
Remember, Yahoo already admitted over a billion accounts were compromised in August 2013. That was followed by a further 500 million accounts being accessed in 2014. This latest breach is, relatively speaking, quite small, with only 32 million accounts being accessed.
According to Reuters, Yahoo believes these new accounts were accessed by the same "state-sponsored actor" responsible for the 2014 breach. The proprietary code running Yahoo's systems was accessed so as to learn how to forge cookies. Those unauthorized cookies were then used to access user accounts.
The cookies have since been invalidated to block further access and all affected users should have been contacted by Yahoo regarding how to re-secure their accounts. As to why hackers take the time to breach Yahoo's servers and access accounts, it turns out the data is worth something. In August last year it was revealed that some of the stolen Yahoo data was available for sale on the dark Web for $300,000.
More From PCmag
CEO Marissa Mayer won't be receiving a cash bonus for 2016 and offered not to take any 2017 annual equity. Meanwhile, Verizon lowered the price it was willing to pay for Yahoo's core assets by $350 million to $4.48 billion. Could it fall even further now?