Yahoo is once again on a hot seat as the company reportedly contacts its users to warn them that their accounts may have been hacked. This isn't the first time that Yahoo has faced a hacking issue. In September, the company revealed that it had undergone a data breach two years prior and it affected about 500 million accounts. In October, Yahoo also admitted that another incident affected about a billion user accounts.
In the latest Yahoo security embarrassment, as what Neowin described it, forged cookies may have been the ones to blame for the compromised accounts. Yahoo sent an email to some of its users saying that their outside forensic experts are investigating the "creation of forged cookies" that could enable intruders to access accounts even without having a password. As per the ongoing investigation, Yahoo believes that hackers may have used a forged cookie in 2015 or 2016 to get into users' accounts.
The company confirmed to ZDNet that the reported email is legit and they further explained that hackers stole the source code that is used in generating cookies. Yahoo said that they have invalidated the cookies as soon as the latest attacks have been discovered. As per a company spokesperson, the investigation has led them to identify the user accounts that they believe are victims of forged cookies and Yahoo is currently in the process of notifying these users.
This new cyber-attack controversy adds up to Yahoo's negative image. It was just recently when Yahoo once again made headlines as Verizon, who was said to be buying the company, lowered its offer by $250 million. All the hackings that Yahoo has faced in the past have clearly affected its market value to its potential buyers. Additionally, the company continues to face questions from lawmakers who have recently criticized them for being unable to answer basic questions about the infamous cyber-attacks.