From Internet Pioneer to...well...here

If you picked up personal email in the early 2000s, chances are you started with a Yahoo! email address (or Hotmail). Most folks have since moved on to Gmail – or were suckered into using an address created by their ISP (Time Warner Cable subscribers in North Carolina will recall RoadRunner internet and the associated nc.rr.com email domain).

But even after you graduated your email correspondence to something cooler and more modern, there is something about deleting an account that is just hard to do. So it just sits, unopened and unaccessed for years, probably filled to the gills with spam. Or, if you are more clever, perhaps you use old email addresses to reap the benefits of accounts and services while at the same time avoiding the email outreach from a sales rep. Because this ghost of an account persists, you probably remember the many times Yahoo! was in the news for major account data breaches since 2012.

Finally, the settlement amounts and next action dates are settled and the emails have been sent to the impacted (former) Yahoo! users.

The Settlement Email

The email essentially highlights what data and security breaches occurred from 2012 to 2016 that are resulting in this class action lawsuit, who is impacted and the steps impacted parties must take to either be included or excluded in the suit.

It also links out to https://yahoodatabreachsettlement.com where you can read to your heart’s content on the process and the next steps.

Yahoo! Breaches Through the Years

Perhaps the most eyebrow-raising facet of the email is the sheer number of major data breaches Yahoo! has been impacted by during this period.

  • From January to April 2012, at least two different malicious actors accessed Yahoo’s internal systems.
  • In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide—including the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders.
  • In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide—again, the records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders.
  • From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts.

Takeaways

Settlement Amount

Billions of accounts were impacted. So the settlement has to be huge, right?

Well, that depends on what you mean by huge. $117,500,000 is a lot of money, much more than what was originally thrown out by Yahoo! and subsequently rejected. This amount is going into a settlement fund to provide:

  • A minimum of two years of Credit Monitoring Services to protect Settlement Class Members from future harm, or Alternative Compensation instead of credit monitoring for Class Members who already have Credit Monitoring Services (subject to verification and documentation);
  • Out-of-Pocket Costs for losses related to the Data Breaches;
  • Reimbursement of some costs for those who paid for Yahoo premium or small business services.

It feels like a good amount is being done, but put it in perspective against the blast radius. All Yahoo! accounts were impacted in 2013. That is billions of people. Not only that, but the Settlement Fund will also be used to pay for attorneys’ fees, costs, and expenses, and Service Awards for the Settlement Class Representatives, which means even less is going to be distributed.

Bummer.

Steps To Take

There are a couple of important dates to remember if you were impacted and plan to take action, whether as a part of the suit or on your own.

  1. If you want to receive any benefits from this class-action lawsuit, you have to file your claim before July 20, 2020.
  2. If you want to reserve your right to take action yourself, you have to exclude yourself from the lawsuit before March 6, 2020.

Conclusion

Even if you don’t use your Yahoo! email address, and haven’t for years, remember the types of information that were exposed by the breaches: names, passwords, phone numbers, birth dates, etc. The impact of keeping that old account around long after its use was probably felt over the past few years of breaches, and now is the time to take action.
