
Yahoo Reports Another Major Data Breach … Again


The data breach news keeps getting worse for Yahoo.

According to Reuters, Yahoo said that in the past two years nearly 32 million user accounts experienced unauthorized access by intruders using forged cookies.

In its latest annual filing, Yahoo provided more information about the cookie forging incident previously disclosed in December. The company said some of the more recently reported intrusions are connected to the “same state-sponsored actor believed to be responsible for the 2014 breach.”

That breach in particular resulted in 500 million accounts going out the door and into the hands of an as-of-yet-unknown hacker or group, with data like email addresses, dates of birth, telephone numbers and encrypted passwords being compromised.

Shortly after that breach was disclosed, Yahoo reported last December that a new cybersecurity breach incident affected over a billion of its users and their private data.

Reportedly, an unauthorized third party stole data associated with the more than 1 billion Yahoo user accounts back in 2013. This billion-user figure means that hack stood as the largest data breach in the digital era.

“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo explained in its latest annual filing on Wednesday (Mar. 1).

The forged cookies enabled user accounts to be hacked without the use of a password.

Following an independent committee’s findings on the 2014 breach, it was announced that Marissa Mayer, Yahoo’s CEO, will not be getting her bonus this year, as the board has voted to revoke it.

The board noted in the filing that the bonus “was otherwise expected to be paid to her.”

Mayer has additionally chosen to give up her equity grant for 2017. How much that amounts to exactly is unknown — but the minimum figure (based on the terms of her contract) would be in the neighborhood of $12 million.

“I am the CEO of the company, and … this incident happened during my tenure,” Mayer said in a statement. “[I] have expressed my desire that my bonus be redistributed to our company’s hard-working employees.”


