Yahoo to pay $50m to 200 million mega-hack victims

Following the mega-hack in 2013, web service provider Yahoo has reached an agreement where they will pay $50m in damages to 200 million people affected by the security breach. The breach affected a total of three billion accounts.

This mega-hack allowed cyber criminals to gain access to a users’ personal information including names, email addresses, dates of birth, phone numbers and hashed passwords.

Yahoo has been criticized for their handling of the matter, by failing to notify customers and investors promptly. Yahoo said the breach, which was only made public in 2016, had affected 1 billion accounts but has since reached 3 billion. The company maintain that financial information such as credit card numbers, bank account details and passwords where not hacked.

The two companies who will equally foot the bill are Oath, the subsidiary that owns Yahoo, and Altaba, the unpurchased portion of Yahoo that was renamed following the sale. Yahoo will cover an estimated $35 million in legal costs and fund two years of credit monitoring to US customers impacted by the mega-hack.

Affected Premium members will be able to claim a 25 percent refund on their subscription, while non-Premium clients are able to submit claims of $25 per hour for time spent dealing with matters arising from the breach.

The US suspect the hackers are state-sponsored and have linked several of them to Russia.