Yahoo seems to be in trouble once again. The internet giant, which disclosed two massive data breaches last year, issued a statement on Wednesday saying that 32 million user accounts were accessed by intruders in the last two years using forged cookies.
As reported by techportal.com, Yahoo filed a document with the U.S. Securities and Exchange Commission (SEC), which states that the hackers used code obtained from the breach to forge cookies and access these accounts.
The document also mentions that some of the recent intrusions can be traced back to the first massive breach in 2014 that affected about 500 million accounts.
Yahoo said, "Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies.
We believe that some of this activity is connected to the same state-sponsored actor believed to be responsible for the 2014 security incident. The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016."
In addition, Yahoo CEO Marissa Mayer issued a statement saying that she'll forgo her 2016 bonus and any stock award for this year after the company admitted it failed to properly investigate hack attacks that compromised more than a billion user accounts.
As noted, Yahoo disclosed in 2016 that a group of hackers had broken into its email system and hacked 1 billion email accounts in 2013. In a statement to the media, Yahoo asserted that the hackers had recorded users' personal information, and that the company does not know the hackers' identity or what happened to the recorded information.
To mitigate the damage, Yahoo took steps to alert the affected customers to change their passwords and security questions and answers, and to review their accounts for any suspicious activity.
The company also recommends that users avoid using similar passwords for all social media accounts, and that they not click on any links or download attachments received from suspicious email addresses.