Yahoo Notifying Users of Malicious Account Activity as Verizon Deal Progresses

Kate Conger, writing for TechCrunch: Yahoo is continuing to issue warnings to users about several security incidents as it moves toward an acquisition by Verizon. Users are receiving notifications today about unauthorized access to their accounts in 2015 and 2016, which occurred due to previously disclosed cookie forging. "As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again," a Yahoo spokesperson told TechCrunch.

Re:

[erp_consultant]

Don't bother. It has shriveled up and smells like a rotting corpse from lack of use. That's what those 100 hour workweeks will do to you. Occupational hazard.

Where's my notification?

[__aaclcg7560]

I haven't gotten my notification yet. I haven't changed my password in 20 years.

Re:

[TharMonk]

Or, for the annoying other end of the spectrum, Yahoo has cheerfully informed me that my account was one of those that was compromised, and had me change my password.... for what was apparently an intrusion that did not require the password.

Re:

[__aaclcg7560]

[...] for what was apparently an intrusion that did not require the password.

Lucky you. Yahoo will let me change the password for my SBC Global email back when I had ATT DSL. I'm not allowed to change the password for the Yahoo account that my Yahoo email address is associated with.

Re:

[darkain]

I have not gotten mine yet, either! Oh wait, that's right, Yahoo just flat out deleted my account for being "Inactive" because I used it in the days of Yahoo Messenger and POP3/IMAP, but didn't log into the Yahoo Mail site directly. About 15 years of content, just gone.

Re:

[no1nose]

My account turns 20 sometime this year as well. But they made me change my password last year.

Re:

[Somebody Is Using My]

I'm getting emails that are warning me of "security issues" because I am accessing the account using Thunderbird, and not their ultra-secure website or mobile app. They don't offer any information to back up this assertion and it feels more an attempt to get me into using something where I will be forced to view their advertisements.

However, I was amused that their solution to this "problem" was to follow a bunch of links in the email, many of which led to a landing page which prompted me to type in my user

"Yahoo"?

[Frosty Piss]

What's that?

This is happening too often.

[SeaFox]

I still haven't updated my Yahoo settings on my tablet from the last time I had to reset my password (because of one of their hacks).

obviously, Yahoo doesn't care anymore

[turkeydance]

they've given up. get what they can get with a buyout, wash their hands, and lock the door,

Nation State

[speedplane]

Yahoo recently said that the attack was so sophisticated it must have been done by a nation state. But now, it turns out it's just forged cookies. Honestly, a 9th grader could pull that off. Liars.

Strive harder

[JustAnotherOldGuy]

This from the company that leaked a billion accounts last year:

"...at Yahoo, we have a deep understanding of the threats facing our users and continuously strive to stay ahead of these threats to keep our users and our platforms secure,” the spokesman said.

All I can say is, "strive harder", cuz yer doin' a shit job of it so far.

(http://www.mercurynews.com/2017/02/15/yahoo-warns-users-about-malicious-activity-in-their-accounts/)

Yahoo account hacked

[Lui Karlos]

I think yahoo is the worst email service provider, but we can do one thing i.e. "RESET YAHOO PASSWORD".If you need any kind of help or you forgot your account password, you can visit here https://www.youtube.com/watch?... [youtube.com] It will help you to fix this issue.