Yahoo is being sued over its massive hack

Questions to be answered, legal departments to be paid overtime…

Graham Cluley

As The Register reports, Yahoo is being sued after disclosing that hackers stole at least 500 million user records two years ago:

Two Yahoo! users in San Diego, California, filed on Friday a class-action claim against the troubled web biz: Yahoo! is accused of failing to take due care of sensitive information under the Unfair Competition Act and the state’s Consumer Legal Remedies Act, plus negligence for its poor security, and breaking the Federal Stored Communications Act.

The stolen Yahoo! database includes people’s names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers about their personal lives.

You can check out a PDF version of the class action complaint here.

No doubt this won’t be the last legal action against Yahoo following its confirmation that it suffered such a damaging attack.

Questions will no doubt be asked as to whether Yahoo could have done more to protect itself in the first place, why it didn’t notice it had suffered a data breach sooner, and what has made the company conclude that its attackers were “state-sponsored”.

Meanwhile, Yahoo users who believe they have been wronged will have to put together a convincing case that they have suffered a financial loss as a direct result of the hack.

This could take a while…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

5 comments on “Yahoo is being sued over its massive hack”

  1. Bob

    Good – they deserve to be sued for failing to secure their customers' data and for negligently concealing the fact.

    I hope Verizon take harsh action against their acquisition as companies like Yahoo need to be punished and severely dealt with to act as a deterrent to other organisations.

  2. Jim

    Have there been 2 hacks? Just wondering as I vaguely remember having to update my email password at Yahoo some time ago.

  3. Jay

    I don't know if Yahoo has been negligent about security, but I have been monitoring my junk email, and I have accounts on three of the biggest free email services.

    I can definitely say that my Yahoo account seems to get the most junk email. Granted it's an old account that I've used a long time, but even older is the AOL account I use when I'm forced to give out a personal email to an organization I don't quite trust. The AOL gets much less, and Gmail even less than either of those two.

    I also am noticing the spammers use Yahoo frequently. I.e., if their shtick involves getting me to reply to some email address, it's often a Yahoo one.

    I am starting to suspect Yahoo is the least safe of the major free services. Fortunately Yahoo still lets you delete an email account. Looks like I still have some time to move off it as a primary email and then make it so there's nothing there to hack once I'm gone.

    I'm thinking of getting a good secure paid email service. Which should I get? It does not have to be safe from law enforcement, I just don't want my bank accounts hacked.

    Anyway thanks for this blog, I read it most every weekday. -J

    1. Bob · in reply to Jay

      If you want a secure email service look at:

      Posteo (https://posteo.de/en)
      ProtonMail (https://protonmail.com/)
      Tutanota (https://tutanota.com/)

      In order of preference above.

      Posteo is the most mature, offers the most features, is the cheapest and has great integration.

      ProtonMail is the new kid on the block, doesn't have some basic functionality (like calendaring or a proper address book), you can't export or import emails etc.

      Tutanota is another newish company but aren't used as much as the other two and, again, have far fewer features than Posteo.

      1. Jay · in reply to Bob

        Thanks. I set up ProtonMail last night, I'm migrating the shopping and financial accounts over to it now. I'll probably try Posteo too. Forget free email services, I'm done with them.
