Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Notifying Users of Malicious Account Activity as Verizon Deal Progresses (techcrunch.com)

Posted by msmash on from the more-troubles dept.

Kate Conger, writing for TechCrunch: Yahoo is continuing to issue warnings to users about several security incidents as it moves toward an acquisition by Verizon. Users are receiving notifications today about unauthorized access to their accounts in 2015 and 2016, which occurred due to previously disclosed cookie forging. "As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again," a Yahoo spokesperson told TechCrunch.

18 comments

  1. Where's my notification? by __aaclcg7560 · · Score: 2

    I haven't gotten my notification yet. I haven't changed my password in 20 years.

    1. Re:Where's my notification? by TharMonk · · Score: 1

      Or, for the annoying other end of the spectrum, Yahoo has cheerfully informed me that my account was one of those that was compromised, and had me change my password.... for what was apparently an intrusion that did not require the password.

    2. Re:Where's my notification? by __aaclcg7560 · · Score: 1

      [...] for what was apparently an intrusion that did not require the password.

      Lucky you. Yahoo will let me change the password for my SBC Global email back when I had ATT DSL. I'm not allowed to change the password for the Yahoo account that my Yahoo email address is associated with.

    3. Re:Where's my notification? by Anonymous Coward · · Score: 0

      That is because Yahoo believes that *you* are the intruder.

    4. Re:Where's my notification? by darkain · · Score: 2

      I have not gotten mine yet, either! Oh wait, that's right, Yahoo just flat out deleted my account for being "Inactive" because I used it in the days of Yahoo Messenger and POP3/IMAP, but didn't log into the Yahoo Mail site directly. About 15 years of content, just gone.

    5. Re:Where's my notification? by no1nose · · Score: 1

      My account turns 20 sometime this year as well. But they made me change my password last year.

    6. Re:Where's my notification? by Somebody+Is+Using+My · · Score: 1

      I'm getting emails that are warning me of "security issues" because I am accessing the account using Thunderbird, and not their ultra-secure website or mobile app. They don't offer any information to back up this assertion and it feels more an attempt to get me into using something where I will be forced to view their advertisements.

      However, I was amused that their solution to this "problem" was to follow a bunch of links in the email, many of which led to a landing page which prompted me to type in my username and password. While I believe these emails were legitimate, it's /exactly/ the same sort of thing you would see in a phishing email, and contrary to what IT people have been trying to teach people for decades, mainly don't click on links in email!

      Eh, whatever. The yahoo account is mainly a spamtrap for websites that are so dodgy I don't even want to associate them with the /hotmail/ account.

  2. "Yahoo"? by Frosty+Piss · · Score: 1

    What's that?

    --
    If you want news from today, you have to come back tomorrow.
  3. This is happening too often. by SeaFox · · Score: 1

    I still haven't updated my Yahoo settings on my tablet from the last time I had to reset my password (because of one of their hacks).

  4. What a stupid title by Anonymous Coward · · Score: 0

    What a stupid title. Yahoo has notified users about suspicious activity since September

  5. obviously, Yahoo doesn't care anymore by turkeydance · · Score: 1

    they've given up. get what they can get with a buyout, wash their hands, and lock the door,

  6. People still use Yahoo? by Anonymous Coward · · Score: 0

    see subject. is it all just forwarding emails on pre-2000 addresses now?

  7. Replacement? by Anonymous Coward · · Score: 0

    Anyone got a good replacement recommendation? I'd like something that's a little bit more private than the constant Yahoo! hacks.

  8. Nation State by speedplane · · Score: 1

    Yahoo recently said that the attack was so sophisticated it must have been done by a nation state. But now, it turns out it's just forged cookies. Honestly, a 9th grader could pull that off. Liars.

    --
    Fast Federal Court and I.T.C. updates
  9. Re:Mmmm, foraged cookies by erp_consultant · · Score: 1

    Don't bother. It has shriveled up and smells like a rotting corpse from lack of use. That's what those 100 hour workweeks will do to you. Occupational hazard.

  10. Strive harder by JustAnotherOldGuy · · Score: 1

    This from the company that leaked a billion accounts last year:

    "...at Yahoo, we have a deep understanding of the threats facing our users and continuously strive to stay ahead of these threats to keep our users and our platforms secure,” the spokesman said.

    All I can say is, "strive harder", cuz yer doin' a shit job of it so far.

    (http://www.mercurynews.com/2017/02/15/yahoo-warns-users-about-malicious-activity-in-their-accounts/)

    --
    Just cruising through this digital world at 33 1/3 rpm...
  11. Yahoo account hacked by LuiKarlos · · Score: 1

    I think yahoo is the worst email service provider, but we can do one thing i.e. "RESET YAHOO PASSWORD".If you need any kind of help or you forgot your account password, you can visit here https://www.youtube.com/watch?... It will help you to fix this issue.