In November 2016, Yahoo realised it had suffered a data breach back in 2013. Yahoo released information on what had happened and informed everyone who may have been affected by this.
See blog post https://fightback.ninja/the-yahoo-data-breach-reported-december-2016/ for more information.
Yahoo has now released more information concerning how this happened.
Yahoo say they called in outside forensic experts to examine what happened and there has been the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, the outside forensic experts have identified user accounts for which they believe forged cookies were taken or used in 2015 or 2016.
The company is notifying the affected account holders, and has invalidated the forged cookies. They have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016.
If you have not been contacted by Yahoo specifically about this, then your account will not have been affected.
However, if you have a Yahoo account then you should have changed your password and security questions and answers recently. If you haven’t done this then you should ASAP and also any other accounts that use the same login and password.
It is wise to review all of your accounts for suspicious activity and be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
Yahoo are doing everything they can to protect their customers data.
For further information go to https://help.yahoo.com/kb/account/SLN27925.html
Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.