“Some Yahoo users recently received alerts that intruders may have accessed their accounts last year using forged cookies. A forged cookie can grant access to account information without needing passwords. The tech company previously disclosed the scheme—and blamed unnamed state-sponsored actors—in late 2016, but sent alerts to users Wednesday, The Guardian reported. Yahoo didn’t say how many users were affected.”
Source: Yahoo Issues Fresh Warning About Forged Cookie Breach – Nextgov.com