The 2014 Yahoo hack began early in 2014 with a “spear phishing” e-mail sent to “semi-privileged” Yahoo employees rather than to the company’s top executives. It takes only one employee clicking on a malicious attachment or link, and that click gave the attackers direct access to Yahoo’s internal networks. The hackers then used stolen cryptographic values called “” to generate forged access cookies for specific user accounts, giving both the FSB agents and the hackers access to users’ email accounts without the need for any password.
Source: https://thehackernews.com/2017/03/yahoo-data-breach-hack.html