Yahoo has sent out another round of account compromise notifications, warning users that hackers may have accessed their accounts by using forged cookies instead of passwords. How many in total, the company wouldn’t say. This attack is not exactly news, as the company disclosed it in November 2016 in a SEC filing. But, after the revelations about the massive Yahoo breaches from 2013 and 2014, it passed largely unnoticed. A first round of notifications to potentially affected users went out in December 2016, but that was obviously not the end of it.
ORIGINAL SOURCE: Help Net Security