Yahoo! Inc., the operator of the biggest U.S. Web portal, was sued for negligence over its disclosure that as many as 450,000 user names and passwords were stolen from one of its sites.
A Yahoo user who said his login credentials were posted online after a hacker infiltrated a company database on July 11 filed a complaint July 31 in federal court in San Jose, California.
Jeff Allan of New Hampshire said in his complaint that Yahoo failed to adequately safeguard his personal information and seeks an order requiring the company to compensate him and other users for account fraud and for measures they have had to take to protect accounts put at risk by the Yahoo breach.
Yahoo said on July 12 that hackers took a file containing login credentials for Yahoo and other accounts, such as Google Inc.’s Gmail, Microsoft Corp.’s Hotmail and AOL Inc., from a Yahoo site featuring user articles, videos and slideshows.
TrustedSec, a Berea, Ohio-based security consulting company, said that a hacker group called D33DS had posted details of 450,000 user accounts on an unencrypted file taken from Yahoo Voices, a site where users can share their own content.
Allan received an alert of fraud at his eBay account, which used the same login credentials exposed by the Yahoo hackers, according to his complaint.
Dana Lengkeek, a spokeswoman for Sunnyvale, California-based Yahoo, didn’t immediately respond to an e-mail message after regular business hours yesterday seeking comment on the lawsuit.
The case is Allan v. Yahoo!, 12-4034, U.S. District Court, Northern District of California (San Jose).