Yahoo! Sued After Breach
User Claims Account Fraud as a Result of Security IncidentA class action lawsuit has been filed against Yahoo! after a data breach exposed the usernames and passwords of more than 400,000 users.
See Also: Effective Communication Is Key to Successful Cybersecurity
Jeff Allan of New Hampshire, the only victim named in the lawsuit, received a fraud alert from his eBay account, for which he used the same credentials as his Yahoo! account, according to the complaint filed in California's Northern District Court. The lawsuit alleges Yahoo! failed to adequately safeguard his and others' personal information.
Allan is seeking class action status requiring Yahoo! to compensate him and other users for account fraud and measures they had to take to protect their account, according to the lawsuit.
Hacktivists Point Out Security Flaws
In July, a hacking group calling itself D33Ds Company posted more than 400,000 Yahoo! usernames and passwords online.
Yahoo! confirmed in a statement that an older file from the Yahoo! Contributor Network, previously Associated Content, containing approximately 400,000 Yahoo! and other company usernames and passwords, was stolen on July 11. "Of those, less than 5 percent of the Yahoo! accounts had valid passwords," the statement noted.
The hacktivist group DD3Ds Company took responsibility for the attack, stating, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure."
The information was posted in a text file on the hacktivists' website.