Yahoo’s own software to blame for hack – How secure is your information?

Trust in Yahoo has been rapidly declining for several months now. First there was a massive data breach reported in September that actually occurred back in 2014. Then, earlier this week we found out about an even bigger breach that took place in 2013.

In the most recently reported attack, over 1 billion Yahoo user accounts were hacked. This is nearly every single Yahoo customer worldwide. Almost lost in this shocking news was another attack in which hackers used Yahoo’s own software against the tech giant.

What we’re talking about is how hackers used ‘forged cookies’ that allowed them to access user accounts without the users’ credentials. This wasn’t part of the 2013 data breach; it happened more recently, in 2015 and 2016. Yahoo acknowledged this in the security statement it released this week.

“Separately, our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, the outside forensic experts have identified user accounts for which they believe forged cookies were taken or used in 2015 or 2016. The company is notifying the affected account holders, and has invalidated the forged cookies. We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016.”

What are cookies?



“Cookies” aren’t the kind of cookies you’d find at your local bakery. They’re small bits of data that many websites send to your browser, which stores them.

Most of these cookies are used to save your personal settings and preferences. This means when you go to a site that you visit frequently, you don’t have to enter your credentials every time. It’s a nice little time-saver.

The downside is situations like the one Yahoo just reported, in which hackers create forged cookies to get into your account. This is just another bad situation that Yahoo customers have been put in over the last couple of years.

Closing your Yahoo account



With everything that has happened, we strongly suggest deleting your Yahoo account. Here is how you can close your Yahoo account:

  • Go to the “Terminating your Yahoo account” page.
  • Read the information under “Before continuing, please consider the following information.”
  • Confirm your password – if you forgot your password, you can recover it with the Yahoo Sign-in Helper.
  • Click Terminate this Account.

Remember, if you do close your Yahoo account, you will not be able to use services associated with it. If you decide to keep it, which we do not recommend, at the very least make sure you have a strong password.