Wait a minute. Didn't we just go through this?
Apparently some, but not all, Yahoo email users got another warning the other day from Yahoo about a breach. It's not clear what's new here, because the news report suggest the breaches occurred in 2013 through 2016 and that the culprit is a "state-sponsored actor." Excerpt:
In a statement, Yahoo tied some of the potential compromises to what it has described as the "state-sponsored actor" responsible for the theft of private data from more than 1 billion user accounts in 2013 and 2014. The stolen data included email addresses, birth dates and answers to security questions. ...
The malicious activity that was the subject of the user warnings revolved around the use of "forged cookies" — strings of data which are used across the web and can sometimes allow people to access online accounts without re-entering their passwords.
A billion users violated -- it might seem hard to put a price tag on that. Yahoo didn't do it in its 10Q (filed 11/09/16) which does say 23 class action suits have been filed. However, "the Company cannot reasonably estimate a range of possible losses ...".
But prospective buyer Verizon has number. See Verizon Said to Near Yahoo Deal at Lower Price After Hacks:
Verizon Communications Inc. is close to a renegotiated deal for Yahoo! Inc.’s internet properties that would reduce the price of the $4.8 billion agreement by about $250 million after the revelation of security breaches at the web company, according to people familiar with the matter.
That article goes on to say Verizon and Yahoo will share the potential liability, so maybe that's a guess that the total might come to $500 million. That comes to about $0.50 per customer. But that's before legal fees, court costs, and related expenses. So fellow Yahoo customers, don't go on a spending spree just yet.
Comments