Questions have continued to dog Yahoo as it negotiates its sale to Verizon for $4.5 billion. Yahoo last month promised to brief U.S. Senate staffers on the latest information relating to the 2013 breach, including details of 2015 and 2016 cookie-forging attacks that allowed attackers to access some users’ accounts without a password. Yahoo’s answers largely rehash what the search giant had already revealed via press releases and SEC filings. The company says it believes that “a majority of the user accounts that were affected by the 2014 [security] incident [were] affected” But given that 2013 breach may have compromised 1 billion accounts, that’s not exactly a shocking finding.”]
Source: https://www.cuinfosecurity.com/blogs/yahoo-defends-information-security-mojo-to-senators-p-2402