Yahoo user sues over personal data breach

A Yahoo user has sued the company for allowing more than 450,000 user names and passwords to be stolen from one of its sites

A Yahoo user has sued the web portal company for negligence for allowing more than 450,000 user names and passwords to be stolen from one of its sites.  

Jeff Allan of New Hampshire, whose login credentials were posted online after a hacker infiltrated a company database on 11 July, has filed a complaint in federal court in San Jose, California.

Allan said in his complaint that Yahoo failed to adequately safeguard his personal information, according to Bloomberg.

He is seeking an order requiring Yahoo to compensate him and other users for account fraud and for measures they have had to take to protect accounts put at risk by the breach.

On 12 July, Yahoo confirmed that hackers had stolen an unencrypted file containing login credentials for Yahoo and other accounts, such as Google's Gmail and Microsoft's Hotmail, from Yahoo Voices, an online publishing application for sharing information.  

Read more about data breach prevention

The hacking group, known as D33Ds Company, said they had posted the details to highlight the vulnerability of the files.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call and not as a threat," said the D33Ds Company hackers.

Allan received an alert of fraud at his eBay account, which used the same login credentials exposed by the Yahoo hackers, according to his complaint.

Security experts have said the breach highlights how enterprises continue to neglect basic security practices, and the challenges of security with third-party applications. 

Image: Thinkstock

Read more on Privacy and data protection