Yahoo Reports Another Major Data Breach … Again


The data breach news keeps getting worse for Yahoo.

According to Reuters, Yahoo said that in the past two years nearly 32 million user accounts experienced unauthorized access by intruders using forged cookies.

In its latest annual filing, Yahoo provided more information about the cookie forging incident previous disclosed in December. The company said some of the more recently reported intrusions are connected to the “same state-sponsored actor believed to be responsible for the 2014 breach.”

That breach in particular resulted in 500 million accounts going out the door and into the hands of an as-of-yet-unknown hacker or group, with data like email addresses, dates of birth, telephone numbers and encrypted passwords being compromised.

Shortly after that breach was disclosed, Yahoo reported last December that a new cybersecurity breach incident affected over a billion of its users and their private data.

Reportedly, an unauthorized third party stole data associated with the more than 1 billion Yahoo user accounts back in 2013. This billion-user figure means that hack stood as the largest data breach in the digital era.

“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo explained in its latest annual filing on Wednesday (Mar. 1).

The forged cookies enabled user accounts to be hacked without the use of a password.

Following an independent committee’s findings on the 2014 breach, it was announced that Marissa Mayer, Yahoo’s CEO, will not be getting her bonus this year, as the board has voted to revoke it.

The board noted that said bonus “was otherwise expected to be paid to her,” the filing noted.

Mayer has additionally chosen to give up her equity grant for 2017.  How much that amounts to exactly is unknown — but the minimum figure (based on the terms of her contract) would be in the neighborhood of $12 million.

“I am the CEO of the company, and … this incident happened during my tenure,” Mayer said in a statement. “[I] have expressed my desire that my bonus be redistributed to our company’s hard-working employees.”