Yahoo users are being warned that their accounts could once again be at risk
Yahoo could be facing another embarrassing security situation after it reportedly uncovered evidence of another troubling security breach.
The company has alerted users of its email service warning them of a possible further cyber attack.
The news is the latest major security issue to affect Yahoo in recent months as the online giant looks to safeguard its users' accounts.
The email, sent out to Yahoo customers on Wednesday, warned users of a “data security issue” affecting their account.
The alert (pictured below) goes on to say that hackers apparently may have used forged cookies that could have allowed intruders to access a user account without needing a password.
Cookies are used by websites like Yahoo to give users quick access to their username and password information without needing to re-enter it every time they log in to the site.
That means that anyone able to create forged cookies may be able to gain entry to Yahoo user accounts without the user's permission.
JOSHUA B PLOTKIN – TWITTER
Yahoo users were sent this email earlier this week
A Yahoo spokesperson told Express.co.uk, "As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password.”
“The investigation has identified user accounts for which we believe forged cookies were taken or used.
“Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again."
The security investigations are now in their final stages, a source familiar with the operation added.
Get Quotes on Home Insurance
13 of the biggest cyber-attacks, hacks and data breaches Tue, January 10, 2017
From viruses to data breaches, cyber-crime is far from a modern invention – here is Express.co.uk's list of some of the biggest attacks in history.
Play slideshow WPTIDBITS 1 of 13
Melissa gained fame for infecting Microsoft users
The email says that attack may have occurred between 2015 and 2016, meaning it looks to be separate to the previous major cyber-attacks that have plagued Yahoo in recent years.
Last September, the company revealed that “at least” 500 million users may have had their details stolen in 2013, with ‘state-sponsored’ hackers reportedly to blame.
However, this was then dwarfed also by the later disclosure that over a billion Yahoo user accounts were affected in a separate breach which reportedly took place in 2014, but was not disclosed until last year.
The breach could have led to the names, email addresses, telephone numbers, dates of birth, hashed passwords, as well as security questions and answers, being accessed.
However the company assured customers that no financial information had been compromised.
If you think you’ve been the victim of a cyberattack, check out Express.co.uk’s guide on the next steps to take here.
The news may also mean a further blow to Yahoo’s ongoing acquisition deal by US telecoms and media giant Verizon.
Last year, Verizon agreed to buy Yahoo’s core business for around $4.8 billion, but reports earlier this week suggested that a renegotiated deal is knocking around $250 million off the price.
Verizon apparently insisted on the price cut due to the multiple security breaches that affected Yahoo, which is now under investigation by the Securities and Exchange Commission (SEC) for not disclosing details of the breaches sooner.