Clever hackers don't even need your password to access your account

 人参与 | 时间:2024-09-21 17:38:55

Here we go again.

Yahoo is warning some of its users that hackers may have used forged cookies -- small files that websites create to store your information -- to log into their accounts, thus gaining access without a password.

Forging. Cookies.

SEE ALSO:Marissa Mayer is stepping down from Yahoo's board of directors — if the Verizon deal goes through

The attack, which was originally announced in a security update in December 2016, took place between 2015 and 2016. It's the latest in a series of cybersecurity issues faced by the tech company.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

Yahoo forensic experts have been investigating the creation of forged cookies linked to state-sponsored hackers that "could have enabled an intruder to access our users' accounts without a password."

"The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again," said a statement.

A source familiar with the investigation said notifications have gone out to a reasonably final list of users. So there's a good chance you already know about this.

The process for creating these cookies is quite sophisticated -- and rather worrying.

While many hackers would just try to steal your passwords, these smart guys forged cookies that would dupe a web browser into telling Yahoo you had already logged in.

Featured Video For You
This 3D-printed wheelchair could greatly improve lives of wheelchair users

TopicsCybersecurityYahoo

顶: 2踩: 1