According to the report issued by the United States Securities and Exchange Commission, 32 million Yahoo! user accounts have been hacked through a so-called cookie-forging attack. This attack allows access to the accounts without using the access credentials using forged cookies.
This incident occurred in the middle of February, is aggravated by the events in 2013 and 2014 in which the company suffered two similar attacks. As a result, more than 1.5 billion accounts were compromised.
Yahoo! confirms that an intruder could have taken the code resulting from the forged cookies investigation that the company's forensic expert team worked with, and thus have access to the accounts. After the incident the forged cookies were invalidated and no longer allow access without authentication.