
Yahoo Reports Another Major Data Breach ... Again


The data breach news keeps getting worse for Yahoo.

According to Reuters, Yahoo said that in the past two years nearly 32 million user accounts experienced unauthorized access by intruders using forged cookies.

In its latest annual filing, Yahoo provided more information about the cookie forging incident previously disclosed in December. The company said some of the more recently reported intrusions are connected to the “same state-sponsored actor believed to be responsible for the 2014 breach.”

That breach in particular resulted in 500 million accounts going out the door and into the hands of an as-of-yet-unknown hacker or group, with data like email addresses, dates of birth, telephone numbers and encrypted passwords being compromised.

Shortly after that breach was disclosed, Yahoo reported last December that a new cybersecurity breach incident affected over a billion of its users and their private data.

Reportedly, an unauthorized third party stole data associated with the more than 1 billion Yahoo user accounts back in 2013. This billion-user figure means that the hack stood as the largest data breach in the digital era.

“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo explained in its latest annual filing on Wednesday (Mar. 1).

The forged cookies enabled user accounts to be hacked without the use of a password.

Following an independent committee’s findings on the 2014 breach, it was announced that Marissa Mayer, Yahoo’s CEO, will not be getting her bonus this year, as the board has voted to revoke it.

The board noted in the filing that said bonus “was otherwise expected to be paid to her.”

Mayer has additionally chosen to give up her equity grant for 2017. How much that amounts to exactly is unknown — but the minimum figure (based on the terms of her contract) would be in the neighborhood of $12 million.

“I am the CEO of the company, and … this incident happened during my tenure,” Mayer said in a statement. “[I] have expressed my desire that my bonus be redistributed to our company’s hard-working employees.”


