Yahoo has provided further clarification on cookie forging activity related to data breaches disclosed in September and December of last year. A Dark Reading report implied the forged cookies were used in a third incident, but this was limited to the two 2016 breaches. Shuman Ghosemajumder, CTO at Shape Security, says this update doesn’t add much to the overall story. Most people will focus on users’ Yahoo accounts, but the damage affecting those has been done, he says. Cybercriminals will have an easier time increasing the number of compromised credentials.”]