back to article And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts!

Just two days after Yahoo! admitted hackers had raided its database of at least 500 million accounts, the Purple Palace is being dragged into court. Two Yahoo! users in San Diego, California, filed on Friday a class-action claim [PDF] against the troubled web biz: Yahoo! is accused of failing to take due care of sensitive …

  1. TechnicalBen Silver badge
    Joke

    Dar Yahoo Customer:

    Click here to join our Class Lawsuit: [spam link removed by virus scanner]

    (Joke icon, because I wish it was one...)

    1. Kurt Meyer

      Re: Dar Yahoo Customer:

      “There's a sense of money to be made,” the plaintiffs' lawyer Larson E. Whipsnade, of Dewey, Cheatum, & Howe, said as he explained the reason for launching the suit.

      "We think they blah, blah, blah, and even more blah, blah, blah. I anticipate our law firm will make millions fighting for justice on behalf of those good people who can't fight a giant corporation on their own.

      The pain and suffering this has caused will be compensated by settlements of up to $1.49 for each and every person who joins this class action.”

      1. tom dial Silver badge

        Re: Dar Yahoo Customer:

        And roughly $320 Million (at 30% of the total settlement) to be shared out among the plaintiff class attorneys.

  2. WibbleMe

    So Iv had a yahoo account for like 20 years. How can I get richer through this?

  3. Ken Moorhouse Silver badge

    API Dictionary Attack

    If this current hack refers to the ability to run a "quiet" dictionary attack using their API then this is something that has been known about for years.

  4. Pascal Monett Silver badge

    Looks like the beginning of the end

    I've always wondered how Yahoo! has managed to stay afloat after so many years of bumbling incompetence.

    If there is a major class-action lawsuit over this I doubt Yahoo! will be able to continue operating at all.

    It's about time a class-action happened anyway. This kind of nonsense has been going on for too long already, especially since it seems to always be for the same basic reasons : improper handling of user credentials.

    The book has been written on that. It is high time CEO's get the message : Apply proper security, OR ELSE.

    1. Adam 1 Silver badge

      Re: Looks like the beginning of the end

      Only a few more disastrous multi billion dollar losses and Microsoft might make them an offer (based on a valuation of their market cap during the dot com boom).

      1. Doctor Syntax Silver badge

        Re: Looks like the beginning of the end

        "Only a few more disastrous multi billion dollar losses and Microsoft might make them an offer"

        Or maybe someone else. Where are Carly & Leo these days?

  5. allthecoolshortnamesweretaken Silver badge

    Pass the popcorn, please - this will take some time. And afterwards, Verizon should be able to pick up Yahoo for a song and a dance. If they still want it.

  6. x 7 Silver badge

    so how much did Verizon pay the hackers? They've been playing a long game to get the share price down

    1. Marketing Hack Silver badge

      And Yahoo's management has been playing an even longer game to drive the share price down.

  7. MrTuK
    WTF?

    Privacy !!!!!!

    I just don't get it, people are screaming about this but Google, Microsoft and Apple can walk all over one's privacy and not a peep or squawk from man nor beast !

  8. abedarts

    Too long ago to matter now

    One user with 'dodgy credit card activity' since the data was hacked 2 years ago doesn't sound like the end of the world to me.

    But I'm not a journalist or a lawyer where having a sense of proportion is a sacking offence.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too long ago to matter now

      It was hacked 2y ago, but the data was only made available last month (August).

  9. Sebastian A

    one of his clients had already seen dodgy activity on their credit card which had been attributed to the attack

    "Look honey, that transaction from hotandhornypodiatrists.com must be because my Yahoo account got hacked. There can be no other explanation."

  10. Doctor Syntax Silver badge

    There's a serious need for a sufficiently cautionary tale to make its way into MBA courses as an example of the perils of bad security. Maybe this will be it.

  11. Insane Reindeer

    Headline fail!

    Yes, I am fully aware of the rules governing headline writing when the story is about Yahoo!. However for this story it should of just been:

    "And so it begins..."

    Sub headline:

    "The truth points to itself."

    Picture at the top of the article of Ambassador Kosh.

  12. Pink Duck

    BT Email affected too

    Received emails from old BT Yahoo! accounts suggesting a password reset recently, a little surprised to find they were still active. Rather bothersome to have relative's actual security answers out in the wild now, just re-enforcing my view that they should always be made-up.

  13. Anonymous Coward
    Anonymous Coward

    Deliberate cover up

    I can safely assume that Ms. Mayer was fully aware of this hack, but chose to suppress, since Yahoo wanted to sell itself AND most IMPORTANTLY, she wanted to secere her 58 million severence payout when the day came. Managed well for 2 years. didnt she?

    Now its all on ice.

    And yet, it is standard practice everywhere. They will underplay a hack with the friendly media giving them eneough cover and right excuses.

    Eg: Talktalk hacked thrice last year. Yet, Ms. Harding conveniently blamed teenagers in a shed and the storm blew over. She is also part of the establishment, which helps. Similalrly, blame a foreign government (state - ChIna/Russia which is fashionable) and the heat becomes less. No one will acknowledge that they skimped on security.

    Go figure.

    1. You aint sin me, roit

      Re: Deliberate cover up

      Pay no refunds, admit you don't know if the data was encrypted or not... walk away scott free if you're baronessed up and married to a Tory MP...

  14. Scoured Frisbee

    Specificity in reporting please

    A bit disappointed in the relatively meaningless sentence:

    "If even a fraction of the 500 million Yahoo! users targeted by hackers take action against the company, and win even a miserly award, the potential costs to the biz could count in the high multi-millions."

    So many missed potential fractions and costs, and calculations relative to the current price of tea in China. Bonus points for including the inflationary pressures of purchasing so much Chinese tea at once.

  15. x 7 Silver badge

    Just found how powerful Marissa Mayer is

    If you google for naked or nude photos of her, you won't find any. Not even fakes. Usually for any female celeb, someone, somewhere has faked up something using photoshop, but in her case any and all such images have been removed or suppressed.

    1. John Brown (no body) Silver badge
      Gimp

      That's a little disturbing. Not just that you looked, but that this story is what prompted you to look. That's not the ,message I was getting from this article.

  16. Pen-y-gors Silver badge

    An interesting legal question...

    Was the hack illegal? If not, then Yahoo haven't done anything wrong. And it's probably legal if it was a state-backed hacker.

    Why? you ask...well, IANAL but, given that local US laws on data access apply worldwide, so presumably do local Russian, Chinese, Nork etc laws. If it's legal in the US for the US government to hack Chinese systems, then it's also legal in the US for Chinese government staff to hack US systems.

    So, no offence.

    1. tom dial Silver badge

      Re: An interesting legal question...

      It is legal in the US for the US government to conduct such activities in other countries with which the US government does not have treaties that govern them; otherwise not.

      It is legal in the US for a foreign government to conduct such activities in the US if a treaty approved by the US Senate authorizes them; otherwise not.

      I am not aware of any treaties that allow such activities in the US by any other government (or, for that matter, any laws that would allow it by either the government or private sector actors. The hack was illegal whether done by a foreign government, foreigners, or US residents. Blaming it on a "state actor" is misdirection that one supposes is intended to increase the scariness and reduce Yahoo!'s perceived culpability in the matter.

      1. John Brown (no body) Silver badge

        Re: An interesting legal question...

        I think you are looking at this from the wrong angle. If US law says it's legal for the US state to hack in countries where there are no treaties, then it's probably legal in, eg North Korea for the state to hack in the US. In other words, if this was a state hack, then likely the hack was legal in the jurisdiction where it was performed. It's only illegal in the state where the victim is in these type of cases.

  17. J J Carter Silver badge
    Trollface

    We can but hope!

    Jail time for Meyer

  18. Anonymous Coward
    Anonymous Coward

    So... you provided REAL data to a FREE service...

    So now I'm part of a class action lawsuit (Yahoo! user in California) that may eventually get me $1.50-$2.50, while the lawyers make off with hundreds of millions.

    Color me unimpressed for a multitude of reasons, but the primary one is:

    - Yahoo! does not have my real birthday

    - Yahoo! does not have my real phone number

    - Yahoo! does not have my real physical address

    If it's not a bank, government entity, or other organization with which I am doing legal or financial business, why on Earth would I give them real data?

    So Yahoo! hack = No big deal for me. If they crack Google and get my g-mail password, no big deal for me.

    If it's a free service, don't trust it to keep your data safe. Seems like common sense.

    (I should clarify that I think Yahoo! screwed up and should face some form of punishment, but the idea that I provided data to a free service and now that data has been compromised just seems like par for the course. I don't think Yahoo!'s users need big payouts if their nude selfies got nicked. Don't store sensitive data on the intrawebs. True 20 years ago, true today...)

    (And yes, I know that by providing Yahoo! with falsified data I committed some sort of crime, but I think the fact that it's criminal to keep your personal data out of the hands of such yahoos is even more criminal...)

    1. Doctor Syntax Silver badge

      Re: So... you provided REAL data to a FREE service...

      "If it's a free service, don't trust it to keep your data safe. Seems like common sense."

      Nevertheless, if you seek or accept custodianship of someone's data it becomes your responsibility to keep it safe, even if you're providing a free service. Responsibility isn't simply a consequence of being paid.

      1. JoeTheAnnoying

        Re: So... you provided REAL data to a FREE service...

        Absolutely, 100% agreed. As I said, I think Yahoo! needs to face consequences.

        I just don't care for the class action lawsuit part of it. Enriches the lawyers and does little for the people whose data was lost.

    2. Ken Moorhouse Silver badge

      Re: So Yahoo! hack = No big deal for me.

      Maybe not immediately.

      But when the people in your address book have all been profiled and identified, there will initially be a missing jigsaw piece (you).

      Probably easily filled by "triangulating" the data supplied by these other people which inadvertently identifies you.

      Maybe correspondent "A" (in your address book) emailed correspondent "B" (also in your address book) about something you were also involved with, where personal information about you is given.

  19. J. R. Hartley Silver badge

    Good!!

    Two fucking years like.

  20. bombastic bob Silver badge
    FAIL

    here come the sue-ers

    I'm embarassed it started in my part of the world (San Diego). I wonder if they're shopping for the SAME JUDGE that Trump heavily criticized a while back?

    1. Anonymous Coward
      Anonymous Coward

      Re: here come the sue-ers

      The guy who allegedly is member of/has ties to "La Razza"?

  21. Jim 43
    Thumb Up

    It's going to be an expensive Fall for the orgainization.

    Well played!

  22. Anonymous South African Coward Silver badge

    Do you Yahoo! or not?

  23. horlics

    They get hacked and all they do is take the opportunity to redefine the word "actor" (kind of).

  24. Sidney FFF

    If I get a postcard telling me I was part of the class, I will write 2 letters. One to remove myself from the class and the 2nd to the judge (both addresses will be included on the card) urging him or her to throw this out. Everyone's either been hacked or will get hacked. It's impossible to secure everything all the time. It's absurd to give a few lawyers millions of dollars and destroy a big company that employs thousands just to give 100 million users probably the equivalent of $5 each.

    1. Clockworkseer

      Its not about the hack. Those happen. Its about either

      A) Them sitting on it for two years (assuming they knew about it)

      or

      B) Them not spotting it for two years. Which tells you everything you need to know about how much attention they pay to security.

      Either way, calling them to account is legitimate.

      Seroiusly, we know attacks and leaks happen. It's how the company responds afterwards that really shows you what they're made of.

      1. GrapeBunch Bronze badge

        From the numbers, as many US adults were victims of the hack as were not victims. It seems more that the "class" of the action is the average citizen. It would make more sense if the government settled on behalf of all citizens for $1 (or more) per citizen, precluding all other US class actions, but not individual claims. And take $1 off everybody's tax bill. Ha. Ha. Ha ha.

  25. Hans Blick

    and the money goes to...

    probably better it they (hooYa!) just give some money to charity and shutdown their operations, what Joe Public get out of it at the back isn't worth a class action (real damages? Who actually uses hooYa! for anything but spam emails?

    hooYa! as that's what Ms Mayer is probably saying as she rides the company mechanical bull in the excutive suite with the Verizon deal on the table! Not exactly an Autonomy moment but close :)

  26. Gigabob

    The real problem with this hack...

    Is that it happened two years ago and Yahoo is just now finding out about it. Unless they knew about it earlier, in which case I am down with Dewey, Cheatem and Howe. That is another reason for strongly suspecting a state actor. Entrepreneurial hackers want to publicize their exploits, state actors want to keep what they have done secret so adversaries are unaware how badly they have been penetrated.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019