Once. Twice. Three time a victim.
Yahoo has notified users that once again, they were hacked. Already the victim of “The World’s Biggest Hack” which preceded, but revealed after another large hack, Yahoo can add a third notch to it’s belt.
This latest hack is due to a cookie vulnerability. This vulnerability was already disclosed back in December of 2016, Yahoo is now notifying users that may be victims of attacks.
Yahoo claims the attacker is most likely a “state actor” who used a forged cookie that was stolen from within Yahoo’s own systems. Utilizing this cookie, the attacker did not even need a password to get into user’s accounts. According to Yahoo, the vulnerability was used to access users accounts between 2015 and 2016.
Yahoo has become the perfect example of what can happen when companies offer products, with no true focus on cybersecurity.