As you might have, Yahoo has experienced a spate of hacks in the past year or so which unfortunately left many accounts compromised. However it seems that even if you were lucky enough to not have been compromised in those particular attacks, Yahoo has recently issued a warning in which it seems that some user accounts could have been breached.
However this breach does not involve password hacking, but rather according to Yahoo, it seems that this involves the use of forged cookies. This means that hackers could have accessed user accounts without the need for a password. As to who might have been responsible, Yahoo is suggesting a “state-sponsored actor” but did not mention any names.
According to Yahoo, they have since identified the affected accounts and notified the owners. “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.” They have also invalidated the forged cookies so that they will not be usable again in the future.
Yahoo’s security nightmares are not doing them any favors with customers or Verizon who is in the midst of trying to acquire the company. Most recently we heard that Verizon was planning on renegotiating the deal in which it will see Yahoo discount themselves by as much as $250 million because of the hacks.