Yahoo Notifying Users of Malicious Account Activity as Verizon Deal Progresses (techcrunch.com) 18
Kate Conger, writing for TechCrunch: Yahoo is continuing to issue warnings to users about several security incidents as it moves toward an acquisition by Verizon. Users are receiving notifications today about unauthorized access to their accounts in 2015 and 2016, which occurred due to previously disclosed cookie forging. "As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again," a Yahoo spokesperson told TechCrunch.