A proposed class action law suit filed in California claims that Yahoo! Inc. permitted hackers to access their users’ personal information and failed to warn users of the security breach.
This news comes after Yahoo’s release last week that a security breach in August 2013 may have affected more than 1 billion users, making it the largest attack in history. This is in addition to their breach in 2014 when 500 million accounts were stolen. Information stolen may include: names, phone numbers, email addresses, encrypted passwords, dates of birth and in some cases security questions and answers.
Yahoo has admitted that it used MD5, a method of storing passwords which was considered inadequate by many experts at the time of the hack. Neither of the Yahoo breaches have been linked to online fraud.
Yahoo customers are advised to change their passwords if they haven’t done so within the past three years. Individuals are discouraged from using the same password and security questions for multiple sites. To create a strong password, use numbers, letters and characters.
The FBI has opened an investigation into the data breach. They are investigating how the breach occurred and which party or parties are responsible. Yahoo has stated that they believe their 2014 breach to have been caused by a state-sponsored attacker.
Given these two major data breaches within the last few years, the class action claims that Yahoo failed to provide sufficient protection to consumers’ personal information which continues to be vulnerable.
