Yahoo sued over 500m hack
Yahoo is facing several lawsuits in the US following the massive hack in 2014 that saw personal information stolen from at least 500 million accounts. If Yahoo loses it may have to pay millions of dollars in damages.
One class-action lawsuit, filed by New York resident Ronald Schwartz, accuses the company of ‘gross negligence’. The lawsuit alleges that Yahoo demonstrated “reckless disregard for the security of its users’ personal information that it promised to protect”.
Schwartz says he is suing the company on behalf of all Yahoo users in the US whose personal details were compromised.
Another lawsuit, filed by two San Diego residents, criticises the time it took Yahoo to detect the security breach, saying that on average an attack is identified after 191 days. By contrast, it took Yahoo two years, which the lawsuit says is an “unusually long period of time”.
It adds that the security breach could have been prevented had the company bolstered its cyber-defences following previous attacks. A Yahoo spokesperson said it doesn’t discuss pending lawsuits.
Biggest cyberattack ever
Many questions remain about the hack, which is easily the biggest ever. Doubts have been raised about Yahoo’s claim that the attack was carried out by cyber-terrorists backed by a foreign country’s secret service. US security company Infoarmour said that the hackers actually belonged to an eastern European criminal gang called Group E, which had sold the stolen details to other hackers.
There have been suggestions that the number of victims is twice that revealed by Yahoo. A former executive at the company who is familiar with its security methods told the
website Business Insider that the number of attacked accounts could be between 1 and 3 billion.
Yahoo has said that no bank details were stolen, but has urged users to change their passwords.