Yahoo stated that the attackers managed to create cookies of the company, were able to gain access to about 32 million user accounts without password.
"External forensic experts have identified approximately 32 million user accounts that they believe were compromised by fake cookies in 2015 and 2016," Yahoo revealed in its annual report, filed with the US Securities and Exchange Commission.market (SEC), on Wednesday.
"We believe that a part of this activity is connected with the state sponsors themselves hackers who are believed to be responsible for the 2014 security incident. "
Yahoo began to alert some of its customers in mid-February that attackers had access to their accounts using sophisticated cookies.
The company unveiled details of the first hack in September last year, and reported that about 500 million user accounts were violated. Yahoo also said that although passwords and some other information had leaked, hackers were unable to obtain bank account information.
In December a second violation was revealed, believed to have stolen more than 1 billion accounts in August of 2013.
In a statement, Yahoo reported that hackers had stolen names, e-mail addresses, phone numbers, hashed passwords, birthdates, and in some cases, encrypted or unencrypted security questions and answers.
To date, there are approximately 43 lawsuits filed against Yahoo in the United States over the specific security incidents. Last month, Yahoo and Verizon agreed to reduce the price of the impending acquisition deal by $350 million in the wake of two attacks and are expected to share some of the legal and regulatory responsibilities when the deal between the two companies closes.
The agreement, which so far is valued at about 4.480.000.000 dollars, is expected to be completed in the second quarter of 2017.