Now, unfortunately, it has happened again.
The company issued a terse statement that reads as follows:
“Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”
The hack is innovative in that it doesn’t involve stealing passwords. Instead, hackers trick a user’s web browser into telling Yahoo that they’ve already logged in by forging the cookie that the browser uses to track login status. This cookie is the mechanism that allows you to close your browser window and open it again later without having to log in again.
The exact number of people who have received this message from Yahoo is unclear, but if the recent past is any guide, it could be hundreds of millions, if not more.
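For readers who run their own web applications, here is an added example (not Yahoo's code, and not a description of Yahoo's cookie format, which this article does not give) of how a server can reject a forged login cookie. The cookie layout, key, lifetime and the `SESSION_EPOCH` table are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumptions for this sketch: the key never leaves the server, user names
# contain no "|", and each user's epoch is bumped on password change.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
SESSION_EPOCH = {"alice": 1, "bob": 1}
MAX_AGE = 14 * 24 * 3600  # cookie lifetime in seconds


def _mac(payload: bytes) -> bytes:
    digest = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest)


def issue_cookie(user, now=None):
    """Return 'user|epoch|issued_at|mac' for a user who just logged in."""
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{SESSION_EPOCH[user]}|{issued}"
    return f"{payload}|{_mac(payload.encode()).decode()}"


def revoke_sessions(user):
    """Invalidate every outstanding cookie for user (e.g. on password change)."""
    SESSION_EPOCH[user] += 1


def verify_cookie(cookie, now=None):
    """Return the user name if the cookie is authentic and current, else None."""
    now = time.time() if now is None else now
    try:
        user, epoch, issued, mac = cookie.split("|")
        epoch, issued = int(epoch), int(issued)
    except ValueError:
        return None  # malformed cookie
    payload = f"{user}|{epoch}|{issued}".encode()
    # Constant-time comparison; a cookie minted without SERVER_KEY fails here.
    if not hmac.compare_digest(_mac(payload), mac.encode()):
        return None
    if SESSION_EPOCH.get(user) != epoch:
        return None  # issued before the last revocation
    if not 0 <= now - issued <= MAX_AGE:
        return None  # expired or dated in the future
    return user
```

The check only holds while the signing key stays secret, which is why the epoch counter is there: it lets the server invalidate every cookie already in circulation for an account.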
It’s not just the inconvenience, the potential for identity theft and the loss of trust, though. The hack has had real-world consequences for the company that extend beyond even those things. Verizon is currently in talks with Yahoo about acquiring the company, and on the heels of the announcement, has reduced its bid price by at least $250 million.
All indications are that the deal will eventually go through, but the lost trust has translated into a loss of company valuation.
While it’s true that no system will ever be completely secure, this latest breach underscores the very real economic pain your business could feel if you’re on the receiving end of a similar attack. The bottom line is two-fold. First, if you use Yahoo email, it’s time yet again to change your password. Second, your company is not immune to the same kind of attacks that have damaged Yahoo’s trust and valuation. Now is the time to make sure your digital security is as good and robust as it can be.