Yahoo are notifying their customers about a new attack campaigns initiated by computer unknown that use forged cookies to hijack user accounts.
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
Latest Yahoo Attack Uses Forged Cookies
Another Yahoo hacker attack has been reported. The company confirmed that some of its customers became victims of a dangerous new malicious campaign. It is used to the accounts of the victims via forged cookies. Instead of brute forcing the passwords of the targets with dictionary attacks, the hackers have turned to the crafting of cookies that are used in the authentication process. The company has sent an email notice to a group of their customers who are believed to have been impacted by the attack campaign. According to the message the attempts were made in 2015 and 2016. An investigation is currently ongoing to reveal more details into the incidents.
In a security notice posted back in December 2016 the company revealed that unauthorized users were able to access their proprietary backend code. That incident gave them insight on how the company generated the authentication cookies and it is very likely that the same party is now leveraging their knowledge into a working attack campaign.
An excerpt of Yahoo’s notice reads the following:
We are writing to inform you about a data security issue that involves your Yahoo account. We have taken steps to secure your account and we are working closely with law enforcement.
Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.
How Forged Cookies Work and How Yahoo Was Hacked
Using forged cookies in hacker attacks is a popular technique which is also known as session hijacking. When a user logs into their account a unique pair of strings which contains the path of the automatic redirect is created. After a certain predefined period of time this string expires. The value, also known as the “magic” or “session” cookie is stored both on the server and the local browser of the computer user.
This system can be abused if the hacker knows the expiration time and the exact mechanism in which the cookie is crafted. From there on it is not difficult to sense users who may have recently logged on and have an active magic cookie active on their system. The hackers simply create their own pair that matches the target’s cookie and uses it to login to the system. Such hacking attacks intrude into the target accounts without actually needing any credentials such as usernames or passwords.
Various types of malware can be used to deliver other forms of attacks which can cause data damage, sabotage and other types of damage. We recommend that all of our users stay safe and protected by using a quality anti-spyware solution.