Yahoo continues its decline slide as an analysis by the US Securities and Exchange Commission (SEC) confirmed more than 32 actor accounts were breached in a cookie-forging attack dating back to 2015 and 2016.

The news follows two abstracted massive breaches affecting over 500 actor and one billion users in 2014 and 2013 respectively. While capacity remain inconclusive, the analysis asserts the attack could have been linked to the 2014 hackings to some extent.

The breach complex a sophisticated attack vector that relied on cookie bogus to obtain access to user accounts. According to the filed documents, the afflicted accolade have since been invalidated.

This is what Yahoo wrote in the SEC filings:

In November and December 2016, we appear that our alfresco argumentative experts were investigating the conception of forged accolade that could allow an burglar to access users’ accounts after a password. Based on the investigation, we accept an crooked third party accessed the Company’s proprietary code to learn how to forge assertive cookies. The alfresco argumentative experts have articular about 32 actor user accounts for which they accept forged accolade were used or taken in 2015 and 2016 (the “Cookie Forging Activity”). We accept that some of this action is affiliated to the same state-sponsored actor believed to be amenable for the 2014 Security Incident. The forged accolade have been invalidated by the Aggregation so they cannot be used to access user accounts.

The SEC initially vowed to look into the hackings after allegations that Yahoo had acceptable ability of the bearings to acknowledge the attacks beforehand in 2014.

The findings note that during the centralized analysis conducted by Yahoo back in 2014, the aggregation was able to link back the attack to at least 26 compromised accounts. The owners of these accounts have since been notified.

More worryingly though, the government agency assured that assertive bearding senior admiral failed to “properly appreciate or investigate” the full extent of the breach. It also stated the Yahoo legal team had acceptable advice to open added analysis back in 2014.

“The Independent Committee found that failures in communication, management, analysis and centralized advertisement contributed to the lack of proper apperception and administration of the 2014 Security Incident,” the filing reads.

In light of these developments, today Marissa Mayer appear in a Tumblr post that she is fully taking responsibilities for these blunders as the CEO of Yahoo.

Mayer added said she has agreed to forgo her annual bonus and equity grant, cogent a desire that her added advantage be redistributed to “company’s accomplished employees.”

Meanwhile, Yahoo has agreed to give Verizon a massive $350 actor abatement on its antecedent $4.8 billion buyout valuation. But with all this drama surrounding the search engine service, one must really wonder when this high-profile accretion eventually turns into a massive accountability for the mobile carrier.