Yahoo could be facing another embarrassing security situation after it reportedly uncovered evidence of another troubling security breach.
The company sent out alerts to its email users this week concerning a possible further attack involving their login details.
The news is the latest major security issue to affect Yahoo in recent months as the online giant looks to safeguard its users' accounts.
Yahoo users are being warned that their accounts could once again be at risk
The email, sent out to Yahoo customers on Wednesday, warned users of a “data security issue” affecting their account.
The alert (pictured below) goes on to say that hackers apparently may have used forged cookies that could have allowed intruders to access a user account without needing a password.
Cookies are used by websites like Yahoo to give users quick access to their username and password information without needing to re-enter it every time they log in to the site.
That means that anyone able to create forged cookies may be able to gain entry to Yahoo user accounts without the user's permission.
JOSHUA B PLOTKIN – TWITTER
Yahoo users were sent this email earlier this week
A Yahoo spokesperson told Express.co.uk, "As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password.”
“The investigation has identified user accounts for which we believe forged cookies were taken or used.
“Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again."
The security investigations are now in their final stages, a source familiar with the operation added.
Get Quotes on Home Insurance
13 of the biggest cyber-attacks, hacks and data breaches Tue, January 10, 2017
From viruses to data breaches, cyber-crime is far from a modern invention – here is Express.co.uk's list of some of the biggest attacks in history.
Play slideshow WPTIDBITS 1 of 13
Melissa gained fame for infecting Microsoft users
The email says that attack may have occurred between 2015 and 2016, meaning it looks to be separate to the previous major cyber-attacks that have plagued Yahoo in recent years.
Last September, the company revealed that “at least” 500 million users may have had their details stolen in 2013, with ‘state-sponsored’ hackers reportedly to blame.
However, this was then dwarfed also by the later disclosure that over a billion Yahoo user accounts were affected in a separate breach which reportedly took place in 2014, but was not disclosed until last year.
The breach could have led to the names, email addresses, telephone numbers, dates of birth, hashed passwords, as well as security questions and answers, being accessed.
However the company assured customers that no financial information had been compromised.
If you think you’ve been the victim of a cyberattack, check out Express.co.uk’s guide on the next steps to take here.
Yahoo CEO Marissa Mayer has already said she will step down soon
The news may also mean a further blow to Yahoo’s ongoing acquisition deal by US telecoms and media giant Verizon.
Last year, Verizon agreed to buy Yahoo’s core business for around $4.8 billion, but reports earlier this week suggested that a renegotiated deal is knocking around $250 million off the price.
Verizon apparently insisted on the price cut due to the multiple security breaches that affected Yahoo, which is now under investigation by the Securities and Exchange Commission (SEC) for not disclosing details of the breaches sooner.
The company will also soon be losing its CEO Marissa Mayer, who said she would be stepping down from the board once the Verizon takeover is complete.