Yahoo! hack! payout! nearly! approved! and! the! question! is! how! to! spend! 60! cents!?
Now all you have to do is remember what your Y! email address was amid sounds of lawyers popping champagne
Long-suffering Yahoo! customers may finally get some compensation for having their personal details exposed to hackers not once, not twice, not three times, nor four times, but five times between 2012 and 2016.
The proposed $117.5m settlement from the US class-action lawsuit brought back when Yahoo! actually existed is headed toward its final approval by a judge. Millions of customers received an email this week outlining what they have to do to get their hands on that filthy lucre.
There’s good news and bad news: the good news is that if you had a Yahoo! account between 2012 and 2016 you are eligible for “up to $358.80”; the bad news is that not only do you have to fill in a form to get it, not only do you have to remember that Yahoo! email address you stopped using years ago, but unless you have credit monitoring, you don’t get a cent.
Even if you do have credit monitoring and do fill in the form, chances are you won’t get anywhere near $358. There were 196 million people affected by the five separate security breaches, which equates to a rather pathetic 60 cents each. But everyone is confident that no one wants anything to do with Yahoo! anymore so they are saying that if you fill in the form you will get at least $100. We’ll see.
This is Yahoo!, of course, so nothing’s that easy. The lawyers have agreed to the same approach as the horrible Equifax security breach settlement, where you have to provide proof of your credit monitoring service in order to get any cash – and there are five questions you need to answer for that.
Why five and why don’t these companies just get the information from those companies directly? Because class-action lawsuits suck, that’s why.
Guess who wins?
Yet there is one group that’s happy, and that is, of course, the lawyers. They want a disgraceful 25.5 per cent payoff in the form of a roughly $30m check. And if you think that’s high, the judge agrees with you: Judge Lucy Koh refused to accept an agreed settlement this time last year because the lawyers wanted $35m.
Yahoo! Groups' closure and a tale of Oftel: Die-hard users 'informally' included telcosREAD MORE
She kicked them out the courtroom and three months later they came back with a self-compensation figure of $30m. That wasn’t the only reason Koh refused the settlement last year – she also said it was too vague and didn’t describe the website breaches sufficiently. In other words, Verizon-owned Yahoo! was trying to vague its way through the legal system. Yeah, we're using vague as a verb.
This time the settlement language listed each website hack specifically, and gives a brief explanation for each. Although it omits the reality, which is that Yahoo! suffered all these system intrusions because it was utterly incompetent and running around like a headless chicken with Marissa Mayer as CEO.
So, if you can stand it, if you can remember your Yahoo! email address, have credit monitoring, and are willing to dig out the details, then head over to the settlement website to claim your reward for putting up with Yahoo! for all those years.
Incidentally, this reporter was able to login to his old Yahoo! account (after resetting the password he’d forgotten) using just his username but can’t remember the actual email address and – amazingly – Yahoo!’s mail system isn’t working so the workaround of sending an email to a different account to discover it doesn’t work either.
Oh, Yahoo!, how we don’t miss you. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust