Yahoo! Had launched an investigation when it found out that hackers responsible for 'The Cookie Attack' had violated its users' privacies. The results' findings then led the online platform to warn their users and taught them how to defer from being victims of the hackers.
Yahoo! Sent out e-mails to their customers about how hackers orchestrated 'The Cookie Attack.' The e-mail stated, "Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account," reported CNET. In fact, the online company had initially informed their users of this occurrence since December of last year. The hackers were said to have gained access to the enterprise's database since the security breach that took place way back 2013.
Because of the 2013 incident, 'The Cookie Attack' was easily detected by Yahoo!'s team because it was part of the biggest data breach on record. The experts of the company identified the hacker activity quickly because Yahoo!s development team created a sophisticated technique after the breach.
How were the hackers able to do it? They forged little web browser tokens called cookies. Instead of signing in, the hackers would tick the web browser and use the cookies to log into other people's account. A feature easily activated by users who say, "keep me logged in." Even if the Yahoo! Users have already closed their browsers; the service would still send the username and password.
In other news, PC Mag reported that in order for Yahoo! Users keep their privacy from being violated, users who ticked the 'remember me' option could no longer use the forged cookies again. However, the company still continue to investigate the matter that no other options were suggested.
According to Yahoo!'s original statement, the hackers who orchestrated 'The Cookie Attack' are possibly state-sponsored. Therefore, the hackers were on the payroll of a foreign government.