Yahoo is being sued over its massive hack

Questions to be answered, legal departments to be paid overtime…


As The Register reports, Yahoo is being sued after disclosing that hackers stole at least 500 million user records two years ago:

Two Yahoo! users in San Diego, California, filed on Friday a class-action claim against the troubled web biz: Yahoo! is accused of failing to take due care of sensitive information under the Unfair Competition Act and the state's Consumer Legal Remedies Act, plus negligence for its poor security, and breaking the Federal Stored Communications Act.

The stolen Yahoo! database includes people's names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers about their personal lives.

You can check out a PDF version of the class action complaint here.

No doubt this won't be the last legal action against Yahoo following its confirmation that it suffered such a damaging attack.

Questions will no doubt be asked as to whether Yahoo could have done more to protect itself in the first place, why it didn't notice it had suffered a data breach sooner, and what has made the company conclude that its attackers were "state-sponsored".

Meanwhile, Yahoo users who believe they have been wronged will have to put together a convincing case that they have suffered a financial loss as a direct result of the hack.

This could take a while...


5 Responses

  1. Bob

    September 26, 2016 at 5:08 pm #

    Good – they deserve to be sued for failing to secure their customers' data and for negligently concealing the fact.

    I hope Verizon take harsh action against their acquisition as companies like Yahoo need to be punished and severely dealt with to act as a deterrent to other organisations.

  2. Jim

    September 28, 2016 at 6:00 pm #

    Have there been 2 hacks? Just wondering as I vaguely remember having to update my email password at Yahoo some time ago.

  3. Jay

    September 28, 2016 at 9:07 pm #

    I don't know if Yahoo has been negligent about security, but I have been monitoring my junk email, and I have accounts on three of the biggest free email services.

    I can definitely say that my Yahoo account seems to get the most junk email. Granted it's an old account that I've used a long time, but even older is the AOL account I use when I'm forced to give out a personal email to an organization I don't quite trust. The AOL gets much less, and Gmail even less than either of those two.

    I also am noticing the spammers use Yahoo frequently. I.e., if their shtick involves getting me to reply to some email address, it's often a Yahoo one.

    I am starting to suspect Yahoo is the least safe of the major free services. Fortunately Yahoo still lets you delete an email account. Looks like I still have some time to move off it as a primary email and then make it so there's nothing there to hack once I'm gone.

    I'm thinking of getting a good secure paid email service. Which should I get? It does not have to be safe from law enforcement, I just don't want my bank accounts hacked.

    Anyway thanks for this blog, I read it most every weekday. -J

    • Bob in reply to Jay.

      September 28, 2016 at 10:33 pm #

      If you want a secure email service look at:

      Posteo (https://posteo.de/en)
      ProtonMail (https://protonmail.com/)
      Tutanota (https://tutanota.com/)

      In order of preference above.

      Posteo is the most mature, offers the most features, is the cheapest and has great integration.

      ProtonMail is the new kid on the block, doesn't have some basic functionality (like calendaring or a proper address book), you can't export or import emails etc.

      Tutanota is another newish company but aren't used as much as the other two and, again, have far fewer features than Posteo.

      • Jay in reply to Bob.

        September 29, 2016 at 2:25 pm #

        Thanks. I set up ProtonMail last night, I'm migrating the shopping and financial accounts over to it now. I'll probably try Posteo too. Forget free email services, I'm done with them.
