Skip to main content

Haven’t Used Yahoo In Years? You Still May Be Hacked

Purple Yahoo! logo
Cybersecurity, News

Yahoo’s most recent security breach could have far-reaching consequences, even to former users. Find out if you could be hacked because of an old, dormant Yahoo account.


Since 2013, Yahoo has announced no fewer than four massive security breaches. And that has led to “incident fatigue” among users. Chris Boyd, of Malwarebytes told The Register:

“The sense of confusion – 'Haven't I heard about this one and taken steps already?' - can lead to people becoming complacent with regards updating login, or worse, simply not bothering to shore up defences.”

Many Yahoo users have changed their passwords and assume they are now safe. But this time, the security breach bypassed security and gave hackers access to personal information that may be used across platforms

Forged Cookies Give Hackers Access Without Passwords

This most recent disclosure is different from previous hacking attempts. Yahoo has been sending emails to affected users that say:

“Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”

It seems hackers were able to steal the source code of software on Yahoo’s internal servers, and create strings of data that fooled the software into thinking the hackers were already logged in as legitimate users. These forged cookies meant the hackers never needed to enter a password, and left many users without even the most basic level of cybersecurity.

Yahoo Breach Becomes a Back Door to Security Information Elsewhere on the Web

For many, news of a Yahoo breach may not raise concerns. They may have abandoned their accounts years ago. But the nature of the hack means that even dormant Yahoo users still need to be worried. The hackers accessed to a variety of personal information including:

  • Usernames

  • Passwords

  • Birth dates

  • Security question answers

If you use similar usernames or passwords across platforms, the Yahoo hack could threaten your other accounts. By gaining access to personal details that follow you across the web, these hackers could put your entire online security at risk.

What To Do To Protect Against Yahoo Hack Consequences

Security on most websites is opt-in, which means many people aren’t safe. To up your game and protect against the consequences of the Yahoo hack you should:

  • Never re-use passwords

  • Use a memorable pass-phrase

  • Use a password manager to generate unique, secure passwords

  • Enable two-factor authentication wherever available

  • Delete dormant email accounts

Whether you log in to Yahoo daily, or haven’t used your account in years, it is time to pay attention and take action. It could protect you from becoming the victim of a hack.

Provisio Technology Solutions provides technical consulting and web development for small and medium businesses. Contact Provisio today to schedule a meeting and protect your cybersecurity.