LONDON (AP) Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest development in the internet company’s investigation of a mega-breach that exposed 1 billion users’ data several years ago.
Yahoo confirmed Wednesday that it was notifying users that their accounts had potentially been compromised but declined to say how many people were affected.
In a statement, Yahoo tied some of the potential compromises to what it has described as the “state-sponsored actor” responsible for the theft of private data from more than 1 billion user accounts in 2013 and 2014. The stolen data included email addresses, birth dates and answers to security questions.
The catastrophic breach raised questions about Yahoo’s security and destabilized the company’s deal to sell its email service, websites and mobile applications to Verizon Communications.
The new malicious activity reported by Yahoo revolved around the use of “forged cookies” – strings of data which are used across the web and can sometimes allow people to access online accounts without re-entering their passwords.
A message sent to an Associated Press reporter earlier Wednesday said that, “based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”
Other Yahoo users also posted messages to Twitter to report receiving similar messages.