Yahoo! tries! again! with! 3 billion! email! account! theft! payout!

$7,500 compensation up for grabs if you're the right victim

The remnants of internet giant Yahoo! are once again in court with hopes of settling the case over their massive 2013 hack that saw every single one of its three billion email accounts pwned.

The company, once known as Jerry and David's Guide to the World Wide Web, has submitted a revised settlement package [PDF] to Judge Lucy Koh in the California Northern US District Court. The settlement, if accepted, would apply to Yahoo's small business and personal email account holders in the US and Israel.

Back in January Koh struck down Yahoo's first proposed settlement package, ruling that too much of the payout was being earmarked for attorneys, rather than the three billion customers who had their data fall into the hands of hackers.

While Yahoo! has since been broken up into the brands Altaba and Oath, for the sake of this case the two companies are jointly represented under the Yahoo! banner.

Let's talk about cash, baby

The revised settlement would see Yahoo! agree to pay $117.5m to cover damages as well as credit monitoring for any of the class action members. Another $30m will be earmarked to cover attorney fees, down from $35m in the ill-fated first settlement attempt.

The named plaintiffs in the case, who represented 896 million of Yahoo's personal and small business email customers exposed in the hack, will be able to claim up to $7,500 for themselves. Everyone else will have to settle for two years of credit monitoring or a one-time cash payout.


Oath-my-God: THREE! BILLION! Yahoo! accounts! hacked! in! 2013! – not! 'just!' 1bn!


For paid and small business accounts, the payout could be as high as $500, or 25 per cent of what they paid for their Yahoo! email service between 2012 and 2016. Free email customers that don't want credit monitoring (or already bought their own) can instead claim a $100 payout.

In making the case for the settlement, Yahoo! notes that the cost of the credit monitoring service over two years will exceed the cash payout, and there is no limit on how many customers will be able to enroll.

"Importantly, the Credit Monitoring Services are not capped at any enrollment number; hence, if all 196 million Class Members enroll, all will be covered for $24 million — shifting the risk of greater than historically anticipated enrollment to the vendor rather than the Settlement Fund."

Should Koh ultimately sign off on the settlement, it would join other payouts Yahoo inked to settle the SEC and California State court cases. ®

Broader topics

Other stories you might like

  • US appeals court ruling could 'eliminate internet privacy'
    Tech terms of service dissolve Fourth Amendment rights, EFF warns

    The US Ninth Circuit Court of Appeals on Wednesday affirmed the 2019 conviction and sentencing of Carsten Igor Rosenow for sexually exploiting children in the Philippines – and, in the process, the court may have blown a huge hole in internet privacy law.

    The court appears to have given US government agents its blessing to copy anyone's internet account data without reasonable suspicion of wrongdoing – despite the Fourth Amendment's protection against unreasonable searches and seizures. UC Berkeley School of Law professor Orin Kerr noted the decision with dismay.

    "Holy crap: Although it was barely mentioned in the briefing, the CA9 just held in a single sentence, in a precedential opinion, that internet content preservation isn't a seizure," he wrote in a Twitter post. "And TOS [Terms of Service] eliminate all internet privacy."

    Continue reading
  • Stolen-data market RaidForums taken down in domain seizure
    Suspected admin who went by 'Omnipotent' awaits UK decision on extradition to US

    After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.

    Coelho, 21, who allegedly used the mistaken moniker "Omnipotent" among others, according to the US indictment unsealed on Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK legal proceedings to extradite him to the United States.

    The six-count US indictment [PDF] charges Coelho with conspiracy, access device fraud, and aggravated identity theft following from his alleged activities as the chief administrator of RaidForums, an online market for compromised or stolen databases containing personal and financial information.

    Continue reading
  • Hackers weigh in on programming languages of choice
    Small, self-described sample, sure. But results show shifts over time

    Never mind what enterprise programmers are trained to do, a self-defined set of hackers has its own programming language zeitgeist, one that apparently changes with the wind, at least according to the relatively small set surveyed.

    Members of Europe's Chaos Computer Club, which calls itself "Europe's largest association of hackers" were part of a pool for German researchers to poll. The goal of the study was to discover what tools and languages hackers prefer, a mission that sparked some unexpected results.

    The researchers were interested in understanding what languages self-described hackers use, and also asked about OS and IDE choice, whether or not an individual considered their choice important for hacking and how much experience they had as a programmer and hacker.

    Continue reading

Biting the hand that feeds IT © 1998–2022