That was fast. In mid-July hackers calling themselves “the D33Ds Company” gave Yahoo a spanking for lax security by posting the login information of some of the 453,000 mostly unpaid bloggers working for Yahoo and Associated Content’s contributor network. Less than a month later, we’ve got the first class-action lawsuit related to the breach.
New Hampshire resident Jeff Allan is the named plaintiff in the case. In papers filed July 31 in a U.S. District Court in Northern California, attorneys detailed how Mr. Allan discovered his information was compromised:
Within days of the breach, Mr. Allan received an alert of account fraud on his eBay account, which used the same login credentials as disclosed in the Yahoo breach. Mr. Allan does not know what other information the hackers and others have gathered about
The lawsuit also quotes IT security expert Jason Rhykerd. Addressing the SQL injection hack that grabbed the info from Yahoo’s database, Mr. Rhykerd said the “amount of network traffic this attack would have generated should of (sic) set off the lightest of [intrusion detection system] rules.”
The suit’s “Prayer for relief” indicates Mr. Allan is seeking unspecified damages for himself and anyone else affected by Yahoo!’s “negligence.”
Between this suit and the exodus of high-ranking staffers, new CEO Marissa Mayer may well be offering up some prayers of her own.