Yahoo also announced today that its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. The data does not appear to include payment details or plaintext passwords, but it’s still bad news for Yahoo account holders. The hashing algorithm MD5 is no longer considered secure and MD5 hashes can easily be looked up online to discover the passwords they hide. Seven at night on the Friday before Christmas and I was rushing to meet a deadline.
Today’s revelations add to Yahoo’s long string of security problems. He was in his car and had received an email on his BlackBerry supposedly sent by me, saying I was in trouble in Spain and urgently needed money wired to me. The same email and text was sent out in my name to nearly 1,000 people all over the world. “As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation,” a Verizon spokesperson said today. Yahoo’s general counsel Ron Bell asked Director of National Intelligence James Clapper to provide the public with more clarity about the email scanning program. “We will review the impact of this new development before reaching any final conclusions.” (Disclosure: Verizon owns AOL, which is the parent company of TechCrunch.) Yahoo also faced scrutiny over its security practices in October, when Reuters reported that the company had scanned all of its users’ accounts in early 2015 at the behest of a U.
Yahoo says it is notifying the account holders affected in the breach.