Yahoo says it is notifying the account holders affected in the breach.Affected users will be required to change their passwords.
Several Army and security people joked that they might have believed the email if it said the Taleban had kidnapped me in Kandahar. Just before midnight I unearthed a 'corporate public relations' phone number somewhere in California where it was still office hours.
An automaton answered saying the 'media hotline' was on answerphone and it remained that way for the whole weekend.
We are notifying the affected account holders, and have invalidated the forged cookies,” Lord said, adding that he believed the attack was launched by a state-sponsored actor.
Today’s revelations add to Yahoo’s long string of security problems.
Yahoo employees reportedly knew of the intrusion that led to the theft of data from 500 million users as early as 2014, but the company did not announce the breach until this September.