Yahoo Sued By User Following Breach of 450,000 Passwords

Internet search conglomerate Yahoo is being sued by one of its users for negligence after the usernames and passwords of approximately 450,000 of its users were leaked by a hacker online last month.

According to a complaint (.PDF) filed earlier this week in a federal court in San Jose, Calif., the plaintiff, Jeff Allan of New Hampshire, is calling out Yahoo for failing to “deploy even the most rudimentary of protections for certain users’ personal information.”

In an injunction, Allan is looking for Yahoo to compensate “resulting account fraud” and the additional steps he and other affected users have had to take to prevent their accounts from being accessed further. Allan noticed his account had been compromised after he received a notification from eBay–where he used the same log-in credentials–that his account there had been accessed without his permission.

A hacking group called D33DS took credit for the attack on the site via a SQL injection on July 11 and soon after posted a slew of user logins and plaintext passwords online, many of which were as simple as “password.”

The information wound up belonging to users of Yahoo Voices, a site Yahoo acquired from Associated Content in 2010 that allows freelance writers to share their own personal content. The company acknowledged it patched the vulnerability later that week and that affected users would have to answer a series of questions to authenticate their accounts upon logging in.

The class-action complaint goes on to allege that Yahoo should have kept its users’ credentials encrypted using standard salting and hashing methods and been more prepared against the type of SQL injection used in the attack.

Discussion

  • Amol Bharti on

    Even today you go to any of the Yahoo chat rooms, you will be pissed off by the spammers and bots. Once a target always a target, if you are victimized by the spammers once no matter what precautions or corrective actions you take later you will continue to receive spam on yahoo. Along with Yahoo, there are some other Big names who have been recently victimized by the hackers like LinkedIn, NVIDIA Forums, RSA to name a few. This clearly shows no security can be bullet proof.

  • 100 Day Loan on

    Woah! I'm really digging the template/theme of this website. It's simple, yet effective. A lot of times it's hard to get that "perfect balance" between usability and visual appeal. I must say you've done a great job with this. Also, the blog loads super fast for me on Opera. Exceptional Blog!
