US Judge Says Users Can Sue Yahoo For Massive Breach

US Judge Says Users Can Sue Yahoo For Massive Breach

A federal judge in California has ruled that a class action lawsuit against Yahoo related to a series of data breaches at the company can move forward. Verizon, which bought Yahoo last year for a reduced price of about $US4.5 billion ($5.7 billion), had asked the judge to dismiss many of the lawsuit’s claims.

Interim CEO of Equifax Paulino Barros, former CEO of Equifax Richard Smith, and former CEO of Yahoo Marissa Mayer testify during a hearing before Senate Commerce, Science and Transportation Committee. Photo: Alex Wong (Getty)

Yahoo users have claimed that the repeat security incidents at the company, and Yahoo’s delayed disclosure of those incidents, exposed them to identity theft and forced them to spend extra money and time securing their personal information. Last spring, Yahoo tripled its initial estimate of the number of user accounts impacted by the breaches from one billion to three billion.

Yahoo has admitted that hackers stole users’ passwords and accessed Yahoo’s internal codebase, which enabled them to forge cookies used to log in to user accounts without a password and to manipulate Yahoo search results.

The plaintiffs in the class action lawsuit claim that they would have chosen another email service if they had been informed sooner of Yahoo’s security woes – a claim that US District Judge Lucy Koh found credible.

“Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh wrote.

In March, the US Justice Department announced charges against several Russians and one Canadian citizen linked to the Yahoo hacks. Karim Baratov, the Canadian accused of helping orchestrate the breaches, pleaded guilty in November.