Reuters/Pascal Lauener
Yahoo is telling some of its users that hackers may have logged into their accounts, using a forged "cookie" which gives access even without a password.
According to CNET, the attack was originally announced in September, but has largely been overlooked until now as the revelation was included within a larger announcement about a Yahoo security breach considered the largest in history.
Yahoo said it had connected some of the cookie-based attacks to the "same state-sponsored actor" believed to be responsible for one of the other hack.
It's unclear why some of the users are receiving the notification now, months after Yahoo first disclosed the cookie attacks.
Cookies are used to store personal information in the browser, so you don't have to type in your user information again. Yahoo said in its September announcement that "an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies."
Yahoo's spokesperson sent the following statement in response to this story:
"As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again."
NOW WATCH: Here's everything we know about the Samsung Galaxy S8 — Samsung’s most important phone
See Also:
- A 7-year-old girl asked Google for a job — and got a personal response from CEO Sundar Pichai
- 9 must-have tech gadgets under $100
- Trump's campaign reportedly had multiple contacts with Russian intelligence before the election
SEE ALSO: Verizon is reportedly close to a revised deal that cuts Yahoo's price by about $250 million
