Yahoo stated that the attackers managed to create cookies of the company, were able to gain access to about 32 million user accounts without password.
"External forensic experts have identified approximately 32 million user accounts suspected of using counterfeit cookies to breach in 2015 and 2016," Yahoo said in its annual report to the Securities and Exchange Commission (SEC). Wednesday.
"We believe that a part of this activity is connected with the state sponsors themselves hackers who are believed to be responsible for the 2014 security incident. "
Yahoo began to alert some of its customers in mid-February that attackers had access to their accounts using sophisticated cookies.
The company unveiled details of the first hack in September last year, and reported that about 500 million user accounts were violated. Yahoo also said that although passwords and some other information had leaked, hackers were unable to obtain bank account information.
In December a second violation was revealed, believed to have stolen more than 1 billion accounts in August of 2013.
In a statement at the time, Yahoo said hackers had stolen names, email addresses, phone numbers, hashed passwords, dates of birth, and in some cases, questions and answers. security encrypted or unencrypted.
To date, there are approximately 43 lawsuits filed against Yahoo in the United States over these security incidents. Last month, Yahoo and Verizon agreed to reduce it price of the impending acquisition deal by $350 million in the wake of the two attacks and are expected to share some of the legal and regulatory obligations when the deal between the two companies closes.
The agreement, which so far is valued at about 4.480.000.000 dollars, is expected to be completed in the second quarter of 2017.