Yahoo Will Pay You $100 If You Had One Of Their Shitty Accounts

It’s settlement time.

If you were cursed with a Yahoo email account and suffered through yearly data breaches from 2012–2016, congratulations. Someone has your name, passwords, date of birth and security questions, but Yahoo will pay you $100 for your trouble.

Incidentally, for leading Yahoo from 2012–2017, Marissa Mayer walked away with $23 million. The total amount the company has to pay out to users (in cash or credit monitoring) is $117.5 million dollars. Mayer couldn’t have looted the company better if she tried.

If you live in the US or Israel and had a Yahoo account during this accursed period, you can go to YahooDataBreachSettlement.com to make your claim. The default offer is a credit monitoring service from AllClear ID. This is a bit like someone giving you a Ring doorbell after giving away multiple copies of your keys.

If you can prove that you have identity protection already, however, they’ll give you $100 cash. If you’re in Israel you can get the $100 directly. If not many users claim, more money will be paid out, up to $358 per claim.

If you can verify that you already have credit monitoring or identity protection services that you will keep for at least 12 months, you may instead make a claim for a cash payment in an amount of $100, although that amount may be less or more up to $358.80, depending on how many claims are submitted. (FAQs)

It may be worth getting free credit monitoring or something with a free trial just to stick it to the corpse of Yahoo.

In their legally mandated disclosure, the scope of Yahoo’s negligence is truly shocking. This wasn’t just one data breach. It happened every year of Marissa Mayer’s tenure and only got worse.

2012 Data Security Intrusions: From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems. The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems.

2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts — approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts.

2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.

2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts. (Yahoo Class Actions Resolution)

It wasn’t like Yahoo was hacked once, it’s like they had the door wide open and hackers just kept coming back for more. They literally lost control of every single account, from anyone that ever trusted them for email. Including me.

For some people, the damage has already been done, $100 or the same worth of credit monitoring five years later isn’t going to cut it. And this settlement does include claims for horrifying stuff like fraudulent tax returns being filed in your name.

If you spent hours of your life untangling your identity (and documented it with, like, timesheets) Yahoo will also compensate you at $25 an hour. You can theoretically get up to $25,000 of out-of-pocket costs reimbursed. If you were foolish enough to pay Yahoo for any services during this time, you can get partial refunds.

What you give up by signing up for this settlement is any right to sue Yahoo for any further damages. In fact, if you do nothing you also lose the right to sue. You have to send a specific letter excluding yourself or forever hold your peace.

Personally, I accidentally deleted all my Yahoo emails years ago and hadn’t used the account for nearly a decade by the time of the breach. I had basically changed my stupid high-school username and passwords by the time the dumpster caught fire. But some people actually trusted Yahoo with their email accounts. And they got screwed year after year. One breach can happen, two is a problem, but four? If your CEO presides over four catastrophic data breaches, why do they get paid to leave? If they were managing a McDonald’s they’d be arrested for fraud.

Yeah maybe you get Hamburgled once, but Hamburgle me four times? Fool me once, shame on you, fool me twice, shame on me, but what happens after four times? Shame on a billion people and here’s $23 million dollars?

The San Jose court will decide on this settlement the day after April Fool’s of this year (2020). You can go there and yell at some lawyers. If you want to file a claim, the deadline is July 20th. The deadline to stop using Yahoo was sometime around 2004, but if you missed that here you are. Your pants in the wind and $100 as compensation.