Yahoo is at the center of another hacking incident — its third since 2013 — after the company discovered cyber attackers created “forged cookies” that can access user accounts without their login information. Yahoo told the Guardian that the forged cookies have been “invalidated” and cannot be used again, but the potentially malicious activity could still have implications for already-affected users.
Affected users are at risk of financial or identity fraud. Credit card information and personal details could be accessible through breached accounts.
Compromised accounts should have received an email from Bob Lord, Yahoo’s chief information security officer, warning of the data security issue. The company said that almost every affected user had been notified as of Wednesday, but that investigations are still ongoing, the Guardian reports.
The number of affected users remains unknown. All Yahoo account owners should check to see if they’ve received Lord’s email, which includes security recommendations for protecting accounts going forward. An affected account should be reviewed for suspicious activity and users should avoid responding to unsolicited messages.