Yahoo will have to pay millions in damages as part of a settlement in the 2013 and 2014 mega data breach case. As per the settlement filed earlier this week, Yahoo has been slapped a fine of USD 50 million. In addition to that, the company will also have to provide a minimum of two years of credit monitoring services for the 200 million people impacted by the breach, Cnet reported.
Yahoo suffered global reputational damage when a security breach in 2013 affected 3 billion accounts. Another breach, a year later, affected 500 million accounts. The hack put to risk even encrypted passwords of users.
The now parent company, Verizon, will pay half the settlement cost while Altaba, the remaining part of Yahoo after sale to Verizon will pay the other half.
Yahoo Inc earlier had said that at least 500 million of its accounts were hacked in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the world's biggest known cyber breach by far.
Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said. But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signalling that some of the most valuable user data was not taken.
The attack on Yahoo was unprecedented in size, more than triple other large attacks on sites such as eBay Inc, and it comes to light at a difficult time for Yahoo. Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994, and the company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc.
"This is the biggest data breach ever," said well-known cryptologist Bruce Schneier, adding that the impact on Yahoo and its users remained unclear because many questions remain, including the identity of the state-sponsored hackers behind it.
On its website on Thursday, Yahoo encouraged users to change their passwords but did not require it. Although the attack happened in 2014, Yahoo only discovered the incursion after August reports of a separate breach. While that report turned out to be false, Yahoo's investigation turned up the 2014 theft, according to a person familiar with the matter.
Analyst Robert Peck of SunTrust Robinson Humphrey said the breach probably was not enough to prompt Verizon to abandon its deal with Yahoo, but it could call for a price decrease of $100 million to $200 million, depending on how many users leave Yahoo.