SlideShare a Scribd company logo

На Yahoo подали в суд из-за кражи 450 тыс. паролей

Anatol Alizar
Anatol Alizar

На Yahoo подали в суд из-за кражи 450 тыс. паролей

TechnologyBusiness
1 of 11
Download to read offline
I Eric H. Gibbs(State No. 173653) Bar gft/c//UAl ehg@girardgibbs.com 2 Dylan Hughes (StateBar No. 209113) a J dsh@girardgibbs.com GeoffreyA. Munroe(StateBar No. 229590) 4 gam@girardgibbs.com Amy M. Zeman (StateBarNo. 273100) amz@girardgibbs.com 6 GIRARD GIBBS LLP 601 CaliforniaStreet,14thFloor 7 SanFrancisco, Califomia 94104 (41 Telephone: 5) 981 -4800 8 Facsimile:(415)981-4846 9 Attorneys Plaintiff for 10 tl UNITED STATESDISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA t2 t3 SAN JOSE DIVISION Jeff Allan, on behalf of himself and all others cv T2 40 t4 similarly situated, 15 CLASSACTION COMPLAINT FOR: t6 Plaintiff. vs. (1)Negligence t7 YAHOO! INC.. DEMAND FOR JURY TRIAL 18 t9 Defendant. 20 2l 22 23 24 25 26 27 28 CLASSACTION COMPLAINT
1 SUMMARY OF THE CASE 2 1. Yahoo! Inc. is a leading Intemet company that provides Internet basedservicesto a J millions of userson a monthly basis and yet failed to deploy even the most rudimentary of protections 4 for certain usersopersonalinformation. Consequently,a group of hackers,in the name of publicly 5 humiliating Yahoo for it lax security measures, infiltrated a Yahoo databaseand publicly posted login 6 credentialsfrom over 450,000 accounts. 7 2. Plaintiff Jeff Allan is one of the approximately 450,000 userswhose information was 8 posted online for the world to seeand use. Within days of the breach,Mr. Allan received an alert of 9 account fraud on his eBay account,which used the samelogin credentialsas disclosedin the Yahoo 1 0 breach. Mr. Allan does not know what other information the hackersand others have gatheredabout 1l him. t2 3. Plaintiff Allan brings this classaction lawsuit againstYahoo for failing to adequately t3 safeguardhis and others' personalinformation. Mr. Allan seeksan order requiring Yahoo to remedy the T 4 harm causedby its negligent security, which may includ" Plaintiffand classmembersfor "o-p"nruiing 1 5 resulting account fraud and for all reasonablynecessarymeasuresPlaintiff and classmembershave had l6 to take in order to identi$' and safeguardthe accountsput at risk by Yahoo's negligent security. t7 PARTIES 18 4. PlaintiffJeff Allan is a resident of the Stateof New Hampshire. Mr. Allan is one of I9 approximately 450,000 people whose e-mail addressand passwordwere publicly disclosedon the 20 internet becauseYahoo did not take reasonablemeasuresin securingthem. 2l 5. Defendant Yahoo! Inc. is a Delaware corporation with its principal place of businessat 22 701 First Avenue, Sunnyvale,California 94089. Yahoo does businessthroughout the Stateof Californi 23 and the United States. Yahoo maintains a substantialportion of its computer systemsin California. 24 JURISDICTION AND VENUE 25 6. This Court has original jurisdiction pursuantto the Class Action FairnessAct, 28 U.S.C. 26 $ 1332(d),because(a) at least one member of the putative class is acitizenof a statedifferent from 27 Defendant,(b) the amount in controversyexceeds$5,000,000,exclusive of interest and costs,(c) the 2 8 proposedclass consistsof more than 100 class members,and (d) none of the exceptionsunder the CLASS ACTION COMPLAINT
I subsectionapply to this action. 2 7. Venue is proper in this District under 28 U.S.C. $ 1391(b)becauseDefendant maintains J its headquarters and principal place of businessin this District and a substantialpart of the eventsgiving 4 rise to Plaintiff s Complaint occurred in this District. 5 INTRADISTRICT ASSIGNMENT 6 8. Assignment is proper to the San Josedivision of this District under Local Rule 3-2(c), as 7 a substantialpart of the eventsand omissions giving rise to Plaintiff s claims occurred in SantaClara 8 County. 9 COMMON FACTUAL ALLEGATIONS 10 AssociatedContent and the Yahoo! Contributor Network ll 9. Yahoo is a Delaware corporation that operatesa host of Internet websites and services, t2 including a web portal, searchengine, and e-mail service. Roughly 700 million people visit Yahoo 1 3 websitesevery month, making them among the most popular on the intemet. t4 10. In 2010, Yahoo paid $100 million for AssociatedContent,a companythat published l5 text, image, and video media contributed by freelancerauthorsregisteredwith the company. To t6 contribute material before the Yahoo purchase,usershad to establishan accountwith Associated t7 Content, using an e-mail addressas the login name and creating a password. Some or all of theselogin 1 8 credentialswere obtained by Yahoo when it acquired AssociatedContent. I9 I l. In November 2010, Yahoo launchedthe Yahoo! Contributor Network, calling it "an 20 evolution of the AssociatedContent platform" that would "bring contributions from more than 450,000 2l writers, photographers,and videographersto the Internet's largest media destinations,including Yahoo! 22 News, Yahoo! Finance, Yahoo! Sports,and even the Yahoo! Homepage,among many others." In 23 December2011, Yahoo also announcedYahoo! Voices, a new digital library for content published by 24 the Yahoo! Contributor Network, including content acquiredwith AssociatedContent. Registeredusers 25 of the Yahoo! Contributor Network can contribute content and, in some cases,earn money if Yahoo 26 publishestheir content. 27 The Securitv Breach 28 12. On July I1,2012, a group of hackersreportedly basedin Eastem Europe and known as CLASS ACTION COMPLAINT
I 'the D33Ds Company" breachedYahoo's security measuresand extractede-mail addresses and 2 passwordsthat were storedunencryptedwithin a Yahoo database.D33Ds then postedtheselogin J credentials,which were associatedwith roughly 453,000 AssociatedContent users,online in a plaintext 4 file, stating that they did so in order to provide a "wake-up" call to Yahoo about its lack of proper 5 security. 6 13. The hackersused a techniqueknown as a "SQL injection attack," which works by 7 "injecting" malicious commandsinto the streamof commandsbetweena website application and the 8 databasesoftware feeding it. If the databasedoesnot properly screentheseinputs for signs of attack, 9 attackerscan acquire information from the databasethat they would otherwise be barred from accessing. 1 0 In essence, SQL injection attackexploits the way in which a website communicateswith back-end a 1 1 databases, allowing an attackerto issuecommands(in the form of specially crafted SQL statements) to t2 databasethat contains information used by the website application, such as users' login credentials. 13 14. Reasonableinformation security measuresinclude protecting personalinformation by T 4 securingthe data server containing that information from SQL injection attacks,encrypting critical data 1 5 (such as login credentials)containedin the database, monitoring network activity to identifu and I6 suspiciousamountsof out-bound data. Proper encryption often includes salting and hashing passwords, 1 7 which refers to adding strings of random charactersto the passwordsand then obscuring the data with a 1 8 crypto graphy algorithm. I9 15. Yahoo, however, failed to employ thesebasic security measures protect the personal to 20 information obtained and postedby D33Ds. Yahoo does employ thesemeasures safeguardother data to 2l in its possession, did not do so with respectto the login credentialsobtained from Associated but 22 Content and affected by the July 11 data breach. 23 16. Yahoo's serversshould not have been vulnerable to a SQL injection attack. When 24 interviewed about the Yahoo breach,Randy Abrams, researchdirector at NSS Labs, a technology 25 security researchand testing company, statedthat "[t]he only place we should be seeingSQL injection 26 attackstoday is in the classroom,as IT professionalsare being trained to prevent such attacks." 27 17. JasonRhykerd, an IT security expert with SystemExperts,estimatesthat the hackers 2 8 capturedmore than 2,000 databasetables and column names,along with 298 MySQL variables. Mr. CLASS ACTION COMPLAINT
I Rhykerd statedthat "[t]he amount of network traffic this attack would have generatedshould of set off 2 the lightest of [intrusion detection system] rules." a J 18. Anders Nilsson, security expert and chief technology officer of security company 4 Eurosecure,points out that "[w]ith the security policies [Yahoo] has in place for its other sites, it should 5 have known to at least put up a firewall to detectthesekind of things." 6 19. The SQL injection technique used againstYahoo has been known for over a decadeand 7 had already been used for massivedata thefts againstHeartland Payment Systemsand others. As far 8 back as 2003, the FederalTrade Commission consideredSQL injection attacksto be well-known and 9 foreseeableeventsthat can and should be taken into accountthrough routine security measures. As the 1 0 FTC statedin a complaint filed againsta company who claimed but failed to use reasonableinternet 1t security measures: t2 The risk of web-basedapplication attacksis commonly known in the information 13 technology industry, as are simple, publicly available measures prevent such attacks. to Security expertshave been warning the industry about thesevulnerabilities since at least t4 1997; in 1998,at least one security organizationdeveloped,and made available to the public at no charge,security measures which could prevent such attacks;and in 2000, the 15 industry beganreceiving reports of successfulattackson web-basedapplications. l6 t7 20. Yahoo also should have maintained Plaintiff s and classmembers' critical login 1 8 credentialsin encrypted form, which would have made them unusablein the event of a security breach. t9 Instead,Yahoo storedthis personalinformation in an unencryptedformat that could be read by anyone 20 who obtained access the database, to including Yahoo employees. 2l 21. Had Yahoo encryptedthe data using standardsalting and hashingtechniques,the data 22 stolen from Yahoo would have been prohibitively diffrcult to utilize, as eachpasswordwould have to be 23 cracked individually. For example, another Intemet company (social Q&A website Formspring) whose 24 data was recently stolen appeils to have successfullyprotected its user's personalinformation with such 25 encryption. 26 22. As a result of Yahoo's negligent security practices,D33Ds was able to post online the 27 critical login credentialsassociatedwith roughly 453,000 AssociatedContent accounts. Unauthorized 28 individuals could use this information to login into an affected user's AssociatedContent or Yahoo! CLASSACTION COMPLAINT
I Contributor Network account, and access personalinformation containedwithin the account- the 2 including, for instance,the accountholder'sPayPal ID. a J 23. Yahoo's failure to protect the critical login credentials it acquiredwith Associated 4 Content also put users' accountswith other online serviceproviders at risk becausemany people use the 5 samelogin credentialsacrossmultiple Intemet sites. For instance,a user might use the samee-mail 6 addressand passwordto accessa PayPal, Amazon,or internet banking account. 7 24. In its Yahoo Security Center, Yahoo itself cautionsusersto protect their login 8 credentials,answeringits own question "Why should I worry about my privacy on the Intemet?" as 9 follows: 10 You could be locked out of your online account and be unable to accessyour e-mail. But there can be even greaterconsequences.You could be the victim of identity theft. l1 Once identity thieves have your personalinformation, the results can be far-reaching, t2 difficult to rectify, and financially devastating. l3 Armed with your credit card information, fraudsterscould chargethousandsof dollars to t4 your accountbefore you ever seea statementfrom your credit card company. They can open new credit card accountsin your name. l5 t6 Using your identity, they can open a bank account and write bad checkson that account. They can authorize electronic transfersin your name, draining your bank account. To t7 avoid legal action againstdebtsthey've incurred using your identity, they might even file r8 for bankruptcy under your name. I9 They can take out a loan, buy a car, and get a driver's license- all in your name. They may use your name to get a job or file fraudulent tax returns. And if they're a:rested,they 20 may give your name to the police and fail to show up for their court date. Then, a 2I warrant for an arrest is issued- in your name. 22 25. SQL injection attacksare well-understoodin the Internet Technology industry, having ^a ZJ taken place for over a decade,and techniquesto resist such attacksare both well-known and in common 24 use by all major Internet businesses.Yahoo failed to use industry standardSQL databaseprotections, 25 monitoring techniques,and encryption practicesto protect the user data containedwithin its database. 26 In particular, Yahoo failed to secureits data seryer containing Plaintiff s and classmembers' 27 information from SQL injection attacks,encrypt the critical login credentialscontainedin the database, 28 and monitor its network activity to identify suspiciousamountsof out-bound data. In so doing, Yahoo CLASSACTION COMPLAINT
1 violated its duty to reasonablysecurethe personalinformation it acquiredwith AssociatedContent, 2 resulting in unauthorizedpersonshaving accessto those critical login credentialsand thus accessto a J affected users' AssociatedContent or Yahoo! Contributor Network accountsand other Internet accounts 4 containing personalinformation. 5 PLAINTIFF'S EXPERIENCE 6 26. Mr. Allan openedan accountwith AssociatedContent in November 2009 and published 7 articles through the network. Mr. Allan's Content Network account containedpersonalinformation 8 including his fulIntrne, e-mail address,PayPal e-mail address,date of birth, residency/citizenship, 9 physical address,telephonenumber, biography, interestsand areaof expertise,and education. 1 0 AssociatedContent also had Mr. Allan's social security number. All of this information was solicited 1 1 when Mr. Allan openedhis accountwith AssociatedContent. t2 27. On the morning of July 14,2012, Mr. Allan received e-mails from two online services r3 that he used, informing him of the Yahoo breach. Both serviceshad identified him as a user with t4 breachedaccount information and proactively disabledhis passwords. 15 28. Mr. Allan then changedthe passwordsfor all of the online accountshe could think of. t6 Mr. Allan has been writing content for a variety of websitesfor severalyears and many of the accounts l7 he has establishedto contribute content have personalinformation related to tax reporting and l8 with financial accounts,as well as his social securitv number. 19 29. Mr. Allan next attemptedto accesshis AssociatedContent accountthrough Yahoo! 20 Contributor Network but was unable to do so. Later that afternoon, Mr. Allan received an e-mail from 2l Yahoo informing him of the breachand suggestingthat he contact his e-mail serviceprovider to secure 22 his accountand monitor activity on all of his online accounts. z) 30. Mr. Allan usedthe samelogin credentialsthat were stolen and posted online in the 24 security breachto accesshis eBay account. On the aftemoon of July 20,2012, Mr. Allan received an e- 25 mail from eBay informing him that someonehad accessed accountwithout his permission and that his 26 the e-mail addressassociatedwith the accountmay have been changed. Mr. Allan had not used his 27 eBay accountsince2010. 28 31. Concernedabout unauthorizedaccessto his online accounts,Mr. Allan purchasedan CLASSACTION COMPLAINT
I Experian credit monitoring service for $14.95/month. 2 CLASS ACTION ALLEGATIONS a J 32. PlaintiffJeff Atlan brings this action pursuantto FederalRule of Civil Procedure23 on 4 behalf of himself and a classpreliminarily defined as: 5 A1l personswhose personalinformation was accessed and subsequently disclosedfollowing a databreachof Yahoo! Contributor Network on or 6 aboutJuly I1,2012. 7 Excluded from the class are Yahoo; any agent, affiliate, parent, or subsidiary of Yahoo; any entity in 8 which Yahoo has a controlling interest; any officer or director of Yahoo; any successor assignof or 9 Yahoo; and any Judgeto whom this caseis assigned,as well as his or her staffand immediate family. 10 33. Plaintiffsatisfies the numerosity, commonality, typicality, and adequacyprerequisitesfor 1 1 suing as a representativeparty pursuantto Rule 23. I2 34. Numerosity. The proposedclass consistsof approximately 450,000 persons-far too 1 3 many to join in a single action. T4 35. Commonality. Plaintiff s and classmembers' claims raise predominantly common 1 5 factual and legal questionsthat can be answeredfor all classmembersthrough a single class-wide I6 proceeding. For example,to resolve any class member's claims, it will be necessary answerthe to I7 following questions. The answerto each of these questionswill necessarilybe the samefor each class 1 8 member. T9 a. Did Yahoo have a legal duty to use reasonablesecurity measures protect class to 20 members' personalinformation? 2l b. Did Yahoo breach its legal duty by failing to securethe data server containing 22 Plaintiff s and classmembers' information from SQL injection attacks,encrypt ZJ the personalinformation containedin the database, and monitor its network 24 activity to identifu suspiciousamountsof out-bound data? 25 c. Did any breach by Yahoo of its legal duty to use reasonablesecurity measures 26 causePlaintiff and classmemberslegally-cognizabledamages? 27 36. Typicality. Plaintiff s claims are typical of classmembers' claims as each arisesfrom 28 the samedata breachand the samealleged negligenceon the part of Yahoo in handling classmember's CLASSACTION COMPLAINT
I personalinformation. 2 37. Adequacy. Plaintiffwill fairly and adequatelyprotect the interestsof the class. His a J interestsdo not conflict with classmembers' interestsand he has retained counselexperiencedin 4 complex class action litigation and data privacy to vigorously prosecutethis action on behalf of the 5 class. 6 38. In addition to satis$ing the prerequisitesof Rule 23(a), Plaintiff satisfiesthe 7 requirementsfor maintaining a class action under Rule 23(b)(3). Common questionsof law and fact 8 predominateover any questionsaffecting only individual membersand a class action is superior to 9 individual litigation. The amount of damagesavailable to individual plaintiffs is insufficient to make 1 0 litigation addressingYahoo's conduct economically feasible in the absenceof the class action 1 1 procedure. t2 39. In the alternative, class certification is appropriateunder Rule 23(b)(2) because 1 3 Defendanthas acted or refusedto act on groundsgenerally applicable to the class,thereby making final I4 injunctive relief appropriatewith respectto the membersof the class as a whole. 15 FIRST CAUSE OF ACTION t6 (For Negligence) t7 40. Plaintiff incorporatesthe above allegationsby reference. 18 4I. By maintaining their personalinformation in a databasethat was accessiblethrough the t9 Internet, Yahoo owed Plaintiff and classmembersa duty to employ reasonableInternet security 20 measures protect that information. to 2l 42. Yahoo failed to securethe data server containing that information from SQL injection 22 attacks,encrypt the personal information containedin the database, and monitor its networks to identi$ 23 suspiciousamountsof out-bound data. In failing to employ thesebasic and well-known intemet 24 measures, Yahoo departedfrom the reasonablestandardof care and violated its duty to protect 25 Plaintiff s and classmembers' personalinformation. 26 43. As a direct and proximate result of Yahoo's failure to exercisereasonablecare and use 27 commercially reasonableIntemet security measures, databases its were accessed unauthorized by 28 individuals who obtained and disclosedthe unencryptedpersonalinformation of Plaintiff and class CLASSACTION COMPLAINT
I members. 2 44. The unauthoized accessto Plaintiff s and classmembers' personalinformation was a J reasonablyforeseeable Yahoo, particularly consideringthat the method of accessis widely known in by 4 the computer and data security industry, and that it has long been standard practice in the Internet ) technology sectorto encrypt personalinformation, including critical login credentials. 6 45. Neither Plaintiff nor other classmemberscontributed to the security breach or Yahoo's 7 employment of insufficient security measures safeguardpersonalinformation. to 8 46. As a direct and proximate result of Yahoo's negligence,Plaintiff and classmembers 9 suffered injury through the public disclosureof their personalinformation, the unauthorizedaccessto 1 0 Intemet accountscontaining additional personalinformation, and through the heightenedrisk of 1 1 unauthorizedpersonsstealing additional personalinformation. Plaintiff and classmembershave also t2 incurred the cost of taking measures identify and safeguardaccountsput at risk by disclosureof the to 1 3 personalinformation stolen from Yahoo, including by purchasingcredit monitoring services. t4 PRAYER FOR RELIEF 15 WHEREFORE, Plaintiff, individually and on behalf of the Class,requeststhat the Court: t6 a. Certifu this caseas a class action on behalf of the class defined above, appoint Jeff Allan T7 as classrepresentative, and appoint his counselas classcounsel; 18 b. Award injunctive and other equitable relief as is necessary protect the interestsof to l9 Plaintiff and other class members; 20 c. Award damagesto Plaintiff and class membersin an amount to be determinedat trial; 2l d. Award Plaintiff and classmemberstheir reasonablelitigation expensesand attomeys' 22 fees; 23 Award Plaintiffand classmemberspre- and post-judgment interest,to the extent 24 allowable; and 25 Award such other and further relief as equity andjustice may require. 26 27 28 CLASS ACTION COMPLAINT
I JURY TRIAL 2 Plaintiff demands trial by jury for all issues triable. a so J Dated: Julv31-2012 GIRARD GIBBS LLP 4 5 By: 6 Dylan Hughes 7 Eric H. Gibbs 8 GeoffreyA. Munroe Amy M. Zemarr 9 601California Street, Floor 14tr l0 SanFrancisco, 94108 CA Telephone: (415)981-4800 1l Facsimile:(415)981-4846 t2 Attorneys Plaintiff for l3 t4 l5 16 l7 18 19 20 2l 22 23 24 25 26 27 28 CLASSACTION COMPLAINT

Recommended

FBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaint
FBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaintFBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaint
FBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaintDavid Sweigert
 
ID Theft and Computer Security 2008
ID Theft and Computer Security 2008ID Theft and Computer Security 2008
ID Theft and Computer Security 2008Donald E. Hester
 
Гильдия авторов против Hathitrust
Гильдия авторов против HathitrustГильдия авторов против Hathitrust
Гильдия авторов против HathitrustAnatol Alizar
 
Wikimedia подала в суд на АНБ
Wikimedia подала в суд на АНБWikimedia подала в суд на АНБ
Wikimedia подала в суд на АНБAnatol Alizar
 
Application and Affidavit for a Search Warrant
Application and Affidavit for a Search WarrantApplication and Affidavit for a Search Warrant
Application and Affidavit for a Search WarrantAnatol Alizar
 
146930457 prism-class
146930457 prism-class146930457 prism-class
146930457 prism-classAnatol Alizar
 
Av power consumption trial executive summary v1 0
Av power consumption trial executive summary v1 0Av power consumption trial executive summary v1 0
Av power consumption trial executive summary v1 0Anatol Alizar
 
Guia argentina de tratamiento de la EPOC
Guia argentina de tratamiento de la EPOCGuia argentina de tratamiento de la EPOC
Guia argentina de tratamiento de la EPOCAlejandro Videla
 

Recommended

FBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaint
FBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaintFBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaint
FBI takedown of Gameover Zeus (GOZ) Botnet --- Original complaintDavid Sweigert
 
ID Theft and Computer Security 2008
ID Theft and Computer Security 2008ID Theft and Computer Security 2008
ID Theft and Computer Security 2008Donald E. Hester
 
Гильдия авторов против Hathitrust
Гильдия авторов против HathitrustГильдия авторов против Hathitrust
Гильдия авторов против HathitrustAnatol Alizar
 
Wikimedia подала в суд на АНБ
Wikimedia подала в суд на АНБWikimedia подала в суд на АНБ
Wikimedia подала в суд на АНБAnatol Alizar
 
Application and Affidavit for a Search Warrant
Application and Affidavit for a Search WarrantApplication and Affidavit for a Search Warrant
Application and Affidavit for a Search WarrantAnatol Alizar
 
146930457 prism-class
146930457 prism-class146930457 prism-class
146930457 prism-classAnatol Alizar
 
Av power consumption trial executive summary v1 0
Av power consumption trial executive summary v1 0Av power consumption trial executive summary v1 0
Av power consumption trial executive summary v1 0Anatol Alizar
 
Guia argentina de tratamiento de la EPOC
Guia argentina de tratamiento de la EPOCGuia argentina de tratamiento de la EPOC
Guia argentina de tratamiento de la EPOCAlejandro Videla
 
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdfamcointernationaljam
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docxaryan532920
 
List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022ndcmanagement
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodSecPod Technologies
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxtidwellveronique
 
Data data every where!! Thomas O'Grady
Data data every where!! Thomas O'GradyData data every where!! Thomas O'Grady
Data data every where!! Thomas O'Gradytomo006
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer SecurityDamian T. Gordon
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer SecurityDamian T. Gordon
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
 
News bytes-July 2013
News bytes-July 2013News bytes-July 2013
News bytes-July 2013n|u - The Open Security Community
 
2014’s biggest winners and losers in privacy and security
2014’s biggest winners and losers in privacy and security2014’s biggest winners and losers in privacy and security
2014’s biggest winners and losers in privacy and securityGolden Locksmith
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response PlanningPECB
 
170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibitsAndrey Apuhtin
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Case in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxCase in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxcowinhelen
 
Cyber war
Cyber warCyber war
Cyber warPraveen
 
PP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptxPP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptxMuhammadAbdullah201796
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
IT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of WikileaksIT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of WikileaksAnderson Ruysam, BBA (IS) CISSP, CRISC, DevSecOps
 
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2Anatol Alizar
 
Lectures on Analytic Geometry
Lectures on Analytic GeometryLectures on Analytic Geometry
Lectures on Analytic GeometryAnatol Alizar
 

More Related Content

Similar to На Yahoo подали в суд из-за кражи 450 тыс. паролей

On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdfamcointernationaljam
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docxaryan532920
 
List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022ndcmanagement
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodSecPod Technologies
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxtidwellveronique
 
Data data every where!! Thomas O'Grady
Data data every where!! Thomas O'GradyData data every where!! Thomas O'Grady
Data data every where!! Thomas O'Gradytomo006
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer SecurityDamian T. Gordon
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer SecurityDamian T. Gordon
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
 
2014’s biggest winners and losers in privacy and security
2014’s biggest winners and losers in privacy and security2014’s biggest winners and losers in privacy and security
2014’s biggest winners and losers in privacy and securityGolden Locksmith
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response PlanningPECB
 
170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibitsAndrey Apuhtin
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Case in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxCase in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxcowinhelen
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 

Similar to На Yahoo подали в суд из-за кражи 450 тыс. паролей (20)

On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
 
List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPod
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docx
 
Data data every where!! Thomas O'Grady
Data data every where!! Thomas O'GradyData data every where!! Thomas O'Grady
Data data every where!! Thomas O'Grady
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1
 
News bytes-July 2013
News bytes-July 2013News bytes-July 2013
News bytes-July 2013
 
2014’s biggest winners and losers in privacy and security
2014’s biggest winners and losers in privacy and security2014’s biggest winners and losers in privacy and security
2014’s biggest winners and losers in privacy and security
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response Planning
 
170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Case in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxCase in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docx
 
Cyber war
Cyber warCyber war
Cyber war
 
PP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptxPP Lec15n16 Sp2020.pptx
PP Lec15n16 Sp2020.pptx
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
 
IT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of WikileaksIT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of Wikileaks
 

More from Anatol Alizar

Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2Anatol Alizar
 
Lectures on Analytic Geometry
Lectures on Analytic GeometryLectures on Analytic Geometry
Lectures on Analytic GeometryAnatol Alizar
 
Military Cryptanalytics II
Military Cryptanalytics IIMilitary Cryptanalytics II
Military Cryptanalytics IIAnatol Alizar
 
Британская разведка не может нанять шпионов
Британская разведка не может нанять шпионовБританская разведка не может нанять шпионов
Британская разведка не может нанять шпионовAnatol Alizar
 
Исковое заявление Waymo
Исковое заявление WaymoИсковое заявление Waymo
Исковое заявление WaymoAnatol Alizar
 
Решение окружного суда Северной Калифорнии
Решение окружного суда Северной КалифорнииРешение окружного суда Северной Калифорнии
Решение окружного суда Северной КалифорнииAnatol Alizar
 
Facebook обвиняют в плагиате проекта дата-центра в Швеции
Facebook обвиняют в плагиате проекта дата-центра в ШвецииFacebook обвиняют в плагиате проекта дата-центра в Швеции
Facebook обвиняют в плагиате проекта дата-центра в ШвецииAnatol Alizar
 
Песочница Chrome нарушает три патента
Песочница Chrome нарушает три патентаПесочница Chrome нарушает три патента
Песочница Chrome нарушает три патентаAnatol Alizar
 
Российский интернет на военном положении
Российский интернет на военном положенииРоссийский интернет на военном положении
Российский интернет на военном положенииAnatol Alizar
 
Судья приказал Google выдать почту пользователя с зарубежных серверов
Судья приказал Google выдать почту пользователя с зарубежных серверовСудья приказал Google выдать почту пользователя с зарубежных серверов
Судья приказал Google выдать почту пользователя с зарубежных серверовAnatol Alizar
 
Zenimax-v-oculus-amended-complaint
Zenimax-v-oculus-amended-complaintZenimax-v-oculus-amended-complaint
Zenimax-v-oculus-amended-complaintAnatol Alizar
 
Oculus jury response
Oculus jury responseOculus jury response
Oculus jury responseAnatol Alizar
 
13 млн документов ЦРУ рассекречено и опубликовано в онлайне
13 млн документов ЦРУ рассекречено и опубликовано в онлайне13 млн документов ЦРУ рассекречено и опубликовано в онлайне
13 млн документов ЦРУ рассекречено и опубликовано в онлайнеAnatol Alizar
 
Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...
Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...
Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...Anatol Alizar
 
В Instagram можно найти фотографии авиабилетов и присвоить себе бонусные мили
В Instagram можно найти фотографии авиабилетов и присвоить себе бонусные милиВ Instagram можно найти фотографии авиабилетов и присвоить себе бонусные мили
В Instagram можно найти фотографии авиабилетов и присвоить себе бонусные милиAnatol Alizar
 
Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...
Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...
Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...Anatol Alizar
 
Рядовые сотрудники Uber использовали «режим Бога» для слежки за бывшими
Рядовые сотрудники Uber использовали «режим Бога» для слежки за бывшимиРядовые сотрудники Uber использовали «режим Бога» для слежки за бывшими
Рядовые сотрудники Uber использовали «режим Бога» для слежки за бывшимиAnatol Alizar
 
Немецкий суд объяснил, почему блокировщики рекламы не нарушают закон
Немецкий суд объяснил, почему блокировщики рекламы не нарушают законНемецкий суд объяснил, почему блокировщики рекламы не нарушают закон
Немецкий суд объяснил, почему блокировщики рекламы не нарушают законAnatol Alizar
 

More from Anatol Alizar (20)

Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
 
Lectures on Analytic Geometry
Lectures on Analytic GeometryLectures on Analytic Geometry
Lectures on Analytic Geometry
 
Military Cryptanalytics II
Military Cryptanalytics IIMilitary Cryptanalytics II
Military Cryptanalytics II
 
Британская разведка не может нанять шпионов
Британская разведка не может нанять шпионовБританская разведка не может нанять шпионов
Британская разведка не может нанять шпионов
 
Libratus
LibratusLibratus
Libratus
 
Исковое заявление Waymo
Исковое заявление WaymoИсковое заявление Waymo
Исковое заявление Waymo
 
Решение окружного суда Северной Калифорнии
Решение окружного суда Северной КалифорнииРешение окружного суда Северной Калифорнии
Решение окружного суда Северной Калифорнии
 
Facebook обвиняют в плагиате проекта дата-центра в Швеции
Facebook обвиняют в плагиате проекта дата-центра в ШвецииFacebook обвиняют в плагиате проекта дата-центра в Швеции
Facebook обвиняют в плагиате проекта дата-центра в Швеции
 
Cloud Spanner
Cloud SpannerCloud Spanner
Cloud Spanner
 
Песочница Chrome нарушает три патента
Песочница Chrome нарушает три патентаПесочница Chrome нарушает три патента
Песочница Chrome нарушает три патента
 
Российский интернет на военном положении
Российский интернет на военном положенииРоссийский интернет на военном положении
Российский интернет на военном положении
 
Судья приказал Google выдать почту пользователя с зарубежных серверов
Судья приказал Google выдать почту пользователя с зарубежных серверовСудья приказал Google выдать почту пользователя с зарубежных серверов
Судья приказал Google выдать почту пользователя с зарубежных серверов
 
Zenimax-v-oculus-amended-complaint
Zenimax-v-oculus-amended-complaintZenimax-v-oculus-amended-complaint
Zenimax-v-oculus-amended-complaint
 
Oculus jury response
Oculus jury responseOculus jury response
Oculus jury response
 
13 млн документов ЦРУ рассекречено и опубликовано в онлайне
13 млн документов ЦРУ рассекречено и опубликовано в онлайне13 млн документов ЦРУ рассекречено и опубликовано в онлайне
13 млн документов ЦРУ рассекречено и опубликовано в онлайне
 
Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...
Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...
Тот день, когда аноны с 4chan затроллили разведывательные агентства и мировые...
 
В Instagram можно найти фотографии авиабилетов и присвоить себе бонусные мили
В Instagram можно найти фотографии авиабилетов и присвоить себе бонусные милиВ Instagram можно найти фотографии авиабилетов и присвоить себе бонусные мили
В Instagram можно найти фотографии авиабилетов и присвоить себе бонусные мили
 
Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...
Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...
Ещё шесть радиосигналов неизвестной природы получены из-за пределов нашей гал...
 
Рядовые сотрудники Uber использовали «режим Бога» для слежки за бывшими
Рядовые сотрудники Uber использовали «режим Бога» для слежки за бывшимиРядовые сотрудники Uber использовали «режим Бога» для слежки за бывшими
Рядовые сотрудники Uber использовали «режим Бога» для слежки за бывшими
 
Немецкий суд объяснил, почему блокировщики рекламы не нарушают закон
Немецкий суд объяснил, почему блокировщики рекламы не нарушают законНемецкий суд объяснил, почему блокировщики рекламы не нарушают закон
Немецкий суд объяснил, почему блокировщики рекламы не нарушают закон
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 

Recently uploaded (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 

На Yahoo подали в суд из-за кражи 450 тыс. паролей

  • 1. I Eric H. Gibbs(State No. 173653) Bar gft/c//UAl ehg@girardgibbs.com 2 Dylan Hughes (StateBar No. 209113) a J dsh@girardgibbs.com GeoffreyA. Munroe(StateBar No. 229590) 4 gam@girardgibbs.com Amy M. Zeman (StateBarNo. 273100) amz@girardgibbs.com 6 GIRARD GIBBS LLP 601 CaliforniaStreet,14thFloor 7 SanFrancisco, Califomia 94104 (41 Telephone: 5) 981 -4800 8 Facsimile:(415)981-4846 9 Attorneys Plaintiff for 10 tl UNITED STATESDISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA t2 t3 SAN JOSE DIVISION Jeff Allan, on behalf of himself and all others cv T2 40 t4 similarly situated, 15 CLASSACTION COMPLAINT FOR: t6 Plaintiff. vs. (1)Negligence t7 YAHOO! INC.. DEMAND FOR JURY TRIAL 18 t9 Defendant. 20 2l 22 23 24 25 26 27 28 CLASSACTION COMPLAINT
  • 2. 1 SUMMARY OF THE CASE 2 1. Yahoo! Inc. is a leading Intemet company that provides Internet basedservicesto a J millions of userson a monthly basis and yet failed to deploy even the most rudimentary of protections 4 for certain usersopersonalinformation. Consequently,a group of hackers,in the name of publicly 5 humiliating Yahoo for it lax security measures, infiltrated a Yahoo databaseand publicly posted login 6 credentialsfrom over 450,000 accounts. 7 2. Plaintiff Jeff Allan is one of the approximately 450,000 userswhose information was 8 posted online for the world to seeand use. Within days of the breach,Mr. Allan received an alert of 9 account fraud on his eBay account,which used the samelogin credentialsas disclosedin the Yahoo 1 0 breach. Mr. Allan does not know what other information the hackersand others have gatheredabout 1l him. t2 3. Plaintiff Allan brings this classaction lawsuit againstYahoo for failing to adequately t3 safeguardhis and others' personalinformation. Mr. Allan seeksan order requiring Yahoo to remedy the T 4 harm causedby its negligent security, which may includ" Plaintiffand classmembersfor "o-p"nruiing 1 5 resulting account fraud and for all reasonablynecessarymeasuresPlaintiff and classmembershave had l6 to take in order to identi$' and safeguardthe accountsput at risk by Yahoo's negligent security. t7 PARTIES 18 4. PlaintiffJeff Allan is a resident of the Stateof New Hampshire. Mr. Allan is one of I9 approximately 450,000 people whose e-mail addressand passwordwere publicly disclosedon the 20 internet becauseYahoo did not take reasonablemeasuresin securingthem. 2l 5. Defendant Yahoo! Inc. is a Delaware corporation with its principal place of businessat 22 701 First Avenue, Sunnyvale,California 94089. Yahoo does businessthroughout the Stateof Californi 23 and the United States. Yahoo maintains a substantialportion of its computer systemsin California. 24 JURISDICTION AND VENUE 25 6. This Court has original jurisdiction pursuantto the Class Action FairnessAct, 28 U.S.C. 26 $ 1332(d),because(a) at least one member of the putative class is acitizenof a statedifferent from 27 Defendant,(b) the amount in controversyexceeds$5,000,000,exclusive of interest and costs,(c) the 2 8 proposedclass consistsof more than 100 class members,and (d) none of the exceptionsunder the CLASS ACTION COMPLAINT
  • 3. I subsectionapply to this action. 2 7. Venue is proper in this District under 28 U.S.C. $ 1391(b)becauseDefendant maintains J its headquarters and principal place of businessin this District and a substantialpart of the eventsgiving 4 rise to Plaintiff s Complaint occurred in this District. 5 INTRADISTRICT ASSIGNMENT 6 8. Assignment is proper to the San Josedivision of this District under Local Rule 3-2(c), as 7 a substantialpart of the eventsand omissions giving rise to Plaintiff s claims occurred in SantaClara 8 County. 9 COMMON FACTUAL ALLEGATIONS 10 AssociatedContent and the Yahoo! Contributor Network ll 9. Yahoo is a Delaware corporation that operatesa host of Internet websites and services, t2 including a web portal, searchengine, and e-mail service. Roughly 700 million people visit Yahoo 1 3 websitesevery month, making them among the most popular on the intemet. t4 10. In 2010, Yahoo paid $100 million for AssociatedContent,a companythat published l5 text, image, and video media contributed by freelancerauthorsregisteredwith the company. To t6 contribute material before the Yahoo purchase,usershad to establishan accountwith Associated t7 Content, using an e-mail addressas the login name and creating a password. Some or all of theselogin 1 8 credentialswere obtained by Yahoo when it acquired AssociatedContent. I9 I l. In November 2010, Yahoo launchedthe Yahoo! Contributor Network, calling it "an 20 evolution of the AssociatedContent platform" that would "bring contributions from more than 450,000 2l writers, photographers,and videographersto the Internet's largest media destinations,including Yahoo! 22 News, Yahoo! Finance, Yahoo! Sports,and even the Yahoo! Homepage,among many others." In 23 December2011, Yahoo also announcedYahoo! Voices, a new digital library for content published by 24 the Yahoo! Contributor Network, including content acquiredwith AssociatedContent. Registeredusers 25 of the Yahoo! Contributor Network can contribute content and, in some cases,earn money if Yahoo 26 publishestheir content. 27 The Securitv Breach 28 12. On July I1,2012, a group of hackersreportedly basedin Eastem Europe and known as CLASS ACTION COMPLAINT
  • 4. I 'the D33Ds Company" breachedYahoo's security measuresand extractede-mail addresses and 2 passwordsthat were storedunencryptedwithin a Yahoo database.D33Ds then postedtheselogin J credentials,which were associatedwith roughly 453,000 AssociatedContent users,online in a plaintext 4 file, stating that they did so in order to provide a "wake-up" call to Yahoo about its lack of proper 5 security. 6 13. The hackersused a techniqueknown as a "SQL injection attack," which works by 7 "injecting" malicious commandsinto the streamof commandsbetweena website application and the 8 databasesoftware feeding it. If the databasedoesnot properly screentheseinputs for signs of attack, 9 attackerscan acquire information from the databasethat they would otherwise be barred from accessing. 1 0 In essence, SQL injection attackexploits the way in which a website communicateswith back-end a 1 1 databases, allowing an attackerto issuecommands(in the form of specially crafted SQL statements) to t2 databasethat contains information used by the website application, such as users' login credentials. 13 14. Reasonableinformation security measuresinclude protecting personalinformation by T 4 securingthe data server containing that information from SQL injection attacks,encrypting critical data 1 5 (such as login credentials)containedin the database, monitoring network activity to identifu and I6 suspiciousamountsof out-bound data. Proper encryption often includes salting and hashing passwords, 1 7 which refers to adding strings of random charactersto the passwordsand then obscuring the data with a 1 8 crypto graphy algorithm. I9 15. Yahoo, however, failed to employ thesebasic security measures protect the personal to 20 information obtained and postedby D33Ds. Yahoo does employ thesemeasures safeguardother data to 2l in its possession, did not do so with respectto the login credentialsobtained from Associated but 22 Content and affected by the July 11 data breach. 23 16. Yahoo's serversshould not have been vulnerable to a SQL injection attack. When 24 interviewed about the Yahoo breach,Randy Abrams, researchdirector at NSS Labs, a technology 25 security researchand testing company, statedthat "[t]he only place we should be seeingSQL injection 26 attackstoday is in the classroom,as IT professionalsare being trained to prevent such attacks." 27 17. JasonRhykerd, an IT security expert with SystemExperts,estimatesthat the hackers 2 8 capturedmore than 2,000 databasetables and column names,along with 298 MySQL variables. Mr. CLASS ACTION COMPLAINT
  • 5. I Rhykerd statedthat "[t]he amount of network traffic this attack would have generatedshould of set off 2 the lightest of [intrusion detection system] rules." a J 18. Anders Nilsson, security expert and chief technology officer of security company 4 Eurosecure,points out that "[w]ith the security policies [Yahoo] has in place for its other sites, it should 5 have known to at least put up a firewall to detectthesekind of things." 6 19. The SQL injection technique used againstYahoo has been known for over a decadeand 7 had already been used for massivedata thefts againstHeartland Payment Systemsand others. As far 8 back as 2003, the FederalTrade Commission consideredSQL injection attacksto be well-known and 9 foreseeableeventsthat can and should be taken into accountthrough routine security measures. As the 1 0 FTC statedin a complaint filed againsta company who claimed but failed to use reasonableinternet 1t security measures: t2 The risk of web-basedapplication attacksis commonly known in the information 13 technology industry, as are simple, publicly available measures prevent such attacks. to Security expertshave been warning the industry about thesevulnerabilities since at least t4 1997; in 1998,at least one security organizationdeveloped,and made available to the public at no charge,security measures which could prevent such attacks;and in 2000, the 15 industry beganreceiving reports of successfulattackson web-basedapplications. l6 t7 20. Yahoo also should have maintained Plaintiff s and classmembers' critical login 1 8 credentialsin encrypted form, which would have made them unusablein the event of a security breach. t9 Instead,Yahoo storedthis personalinformation in an unencryptedformat that could be read by anyone 20 who obtained access the database, to including Yahoo employees. 2l 21. Had Yahoo encryptedthe data using standardsalting and hashingtechniques,the data 22 stolen from Yahoo would have been prohibitively diffrcult to utilize, as eachpasswordwould have to be 23 cracked individually. For example, another Intemet company (social Q&A website Formspring) whose 24 data was recently stolen appeils to have successfullyprotected its user's personalinformation with such 25 encryption. 26 22. As a result of Yahoo's negligent security practices,D33Ds was able to post online the 27 critical login credentialsassociatedwith roughly 453,000 AssociatedContent accounts. Unauthorized 28 individuals could use this information to login into an affected user's AssociatedContent or Yahoo! CLASSACTION COMPLAINT
  • 6. I Contributor Network account, and access personalinformation containedwithin the account- the 2 including, for instance,the accountholder'sPayPal ID. a J 23. Yahoo's failure to protect the critical login credentials it acquiredwith Associated 4 Content also put users' accountswith other online serviceproviders at risk becausemany people use the 5 samelogin credentialsacrossmultiple Intemet sites. For instance,a user might use the samee-mail 6 addressand passwordto accessa PayPal, Amazon,or internet banking account. 7 24. In its Yahoo Security Center, Yahoo itself cautionsusersto protect their login 8 credentials,answeringits own question "Why should I worry about my privacy on the Intemet?" as 9 follows: 10 You could be locked out of your online account and be unable to accessyour e-mail. But there can be even greaterconsequences.You could be the victim of identity theft. l1 Once identity thieves have your personalinformation, the results can be far-reaching, t2 difficult to rectify, and financially devastating. l3 Armed with your credit card information, fraudsterscould chargethousandsof dollars to t4 your accountbefore you ever seea statementfrom your credit card company. They can open new credit card accountsin your name. l5 t6 Using your identity, they can open a bank account and write bad checkson that account. They can authorize electronic transfersin your name, draining your bank account. To t7 avoid legal action againstdebtsthey've incurred using your identity, they might even file r8 for bankruptcy under your name. I9 They can take out a loan, buy a car, and get a driver's license- all in your name. They may use your name to get a job or file fraudulent tax returns. And if they're a:rested,they 20 may give your name to the police and fail to show up for their court date. Then, a 2I warrant for an arrest is issued- in your name. 22 25. SQL injection attacksare well-understoodin the Internet Technology industry, having ^a ZJ taken place for over a decade,and techniquesto resist such attacksare both well-known and in common 24 use by all major Internet businesses.Yahoo failed to use industry standardSQL databaseprotections, 25 monitoring techniques,and encryption practicesto protect the user data containedwithin its database. 26 In particular, Yahoo failed to secureits data seryer containing Plaintiff s and classmembers' 27 information from SQL injection attacks,encrypt the critical login credentialscontainedin the database, 28 and monitor its network activity to identify suspiciousamountsof out-bound data. In so doing, Yahoo CLASSACTION COMPLAINT
  • 7. 1 violated its duty to reasonablysecurethe personalinformation it acquiredwith AssociatedContent, 2 resulting in unauthorizedpersonshaving accessto those critical login credentialsand thus accessto a J affected users' AssociatedContent or Yahoo! Contributor Network accountsand other Internet accounts 4 containing personalinformation. 5 PLAINTIFF'S EXPERIENCE 6 26. Mr. Allan openedan accountwith AssociatedContent in November 2009 and published 7 articles through the network. Mr. Allan's Content Network account containedpersonalinformation 8 including his fulIntrne, e-mail address,PayPal e-mail address,date of birth, residency/citizenship, 9 physical address,telephonenumber, biography, interestsand areaof expertise,and education. 1 0 AssociatedContent also had Mr. Allan's social security number. All of this information was solicited 1 1 when Mr. Allan openedhis accountwith AssociatedContent. t2 27. On the morning of July 14,2012, Mr. Allan received e-mails from two online services r3 that he used, informing him of the Yahoo breach. Both serviceshad identified him as a user with t4 breachedaccount information and proactively disabledhis passwords. 15 28. Mr. Allan then changedthe passwordsfor all of the online accountshe could think of. t6 Mr. Allan has been writing content for a variety of websitesfor severalyears and many of the accounts l7 he has establishedto contribute content have personalinformation related to tax reporting and l8 with financial accounts,as well as his social securitv number. 19 29. Mr. Allan next attemptedto accesshis AssociatedContent accountthrough Yahoo! 20 Contributor Network but was unable to do so. Later that afternoon, Mr. Allan received an e-mail from 2l Yahoo informing him of the breachand suggestingthat he contact his e-mail serviceprovider to secure 22 his accountand monitor activity on all of his online accounts. z) 30. Mr. Allan usedthe samelogin credentialsthat were stolen and posted online in the 24 security breachto accesshis eBay account. On the aftemoon of July 20,2012, Mr. Allan received an e- 25 mail from eBay informing him that someonehad accessed accountwithout his permission and that his 26 the e-mail addressassociatedwith the accountmay have been changed. Mr. Allan had not used his 27 eBay accountsince2010. 28 31. Concernedabout unauthorizedaccessto his online accounts,Mr. Allan purchasedan CLASSACTION COMPLAINT
  • 8. I Experian credit monitoring service for $14.95/month. 2 CLASS ACTION ALLEGATIONS a J 32. PlaintiffJeff Atlan brings this action pursuantto FederalRule of Civil Procedure23 on 4 behalf of himself and a classpreliminarily defined as: 5 A1l personswhose personalinformation was accessed and subsequently disclosedfollowing a databreachof Yahoo! Contributor Network on or 6 aboutJuly I1,2012. 7 Excluded from the class are Yahoo; any agent, affiliate, parent, or subsidiary of Yahoo; any entity in 8 which Yahoo has a controlling interest; any officer or director of Yahoo; any successor assignof or 9 Yahoo; and any Judgeto whom this caseis assigned,as well as his or her staffand immediate family. 10 33. Plaintiffsatisfies the numerosity, commonality, typicality, and adequacyprerequisitesfor 1 1 suing as a representativeparty pursuantto Rule 23. I2 34. Numerosity. The proposedclass consistsof approximately 450,000 persons-far too 1 3 many to join in a single action. T4 35. Commonality. Plaintiff s and classmembers' claims raise predominantly common 1 5 factual and legal questionsthat can be answeredfor all classmembersthrough a single class-wide I6 proceeding. For example,to resolve any class member's claims, it will be necessary answerthe to I7 following questions. The answerto each of these questionswill necessarilybe the samefor each class 1 8 member. T9 a. Did Yahoo have a legal duty to use reasonablesecurity measures protect class to 20 members' personalinformation? 2l b. Did Yahoo breach its legal duty by failing to securethe data server containing 22 Plaintiff s and classmembers' information from SQL injection attacks,encrypt ZJ the personalinformation containedin the database, and monitor its network 24 activity to identifu suspiciousamountsof out-bound data? 25 c. Did any breach by Yahoo of its legal duty to use reasonablesecurity measures 26 causePlaintiff and classmemberslegally-cognizabledamages? 27 36. Typicality. Plaintiff s claims are typical of classmembers' claims as each arisesfrom 28 the samedata breachand the samealleged negligenceon the part of Yahoo in handling classmember's CLASSACTION COMPLAINT
  • 9. I personalinformation. 2 37. Adequacy. Plaintiffwill fairly and adequatelyprotect the interestsof the class. His a J interestsdo not conflict with classmembers' interestsand he has retained counselexperiencedin 4 complex class action litigation and data privacy to vigorously prosecutethis action on behalf of the 5 class. 6 38. In addition to satis$ing the prerequisitesof Rule 23(a), Plaintiff satisfiesthe 7 requirementsfor maintaining a class action under Rule 23(b)(3). Common questionsof law and fact 8 predominateover any questionsaffecting only individual membersand a class action is superior to 9 individual litigation. The amount of damagesavailable to individual plaintiffs is insufficient to make 1 0 litigation addressingYahoo's conduct economically feasible in the absenceof the class action 1 1 procedure. t2 39. In the alternative, class certification is appropriateunder Rule 23(b)(2) because 1 3 Defendanthas acted or refusedto act on groundsgenerally applicable to the class,thereby making final I4 injunctive relief appropriatewith respectto the membersof the class as a whole. 15 FIRST CAUSE OF ACTION t6 (For Negligence) t7 40. Plaintiff incorporatesthe above allegationsby reference. 18 4I. By maintaining their personalinformation in a databasethat was accessiblethrough the t9 Internet, Yahoo owed Plaintiff and classmembersa duty to employ reasonableInternet security 20 measures protect that information. to 2l 42. Yahoo failed to securethe data server containing that information from SQL injection 22 attacks,encrypt the personal information containedin the database, and monitor its networks to identi$ 23 suspiciousamountsof out-bound data. In failing to employ thesebasic and well-known intemet 24 measures, Yahoo departedfrom the reasonablestandardof care and violated its duty to protect 25 Plaintiff s and classmembers' personalinformation. 26 43. As a direct and proximate result of Yahoo's failure to exercisereasonablecare and use 27 commercially reasonableIntemet security measures, databases its were accessed unauthorized by 28 individuals who obtained and disclosedthe unencryptedpersonalinformation of Plaintiff and class CLASSACTION COMPLAINT
  • 10. I members. 2 44. The unauthoized accessto Plaintiff s and classmembers' personalinformation was a J reasonablyforeseeable Yahoo, particularly consideringthat the method of accessis widely known in by 4 the computer and data security industry, and that it has long been standard practice in the Internet ) technology sectorto encrypt personalinformation, including critical login credentials. 6 45. Neither Plaintiff nor other classmemberscontributed to the security breach or Yahoo's 7 employment of insufficient security measures safeguardpersonalinformation. to 8 46. As a direct and proximate result of Yahoo's negligence,Plaintiff and classmembers 9 suffered injury through the public disclosureof their personalinformation, the unauthorizedaccessto 1 0 Intemet accountscontaining additional personalinformation, and through the heightenedrisk of 1 1 unauthorizedpersonsstealing additional personalinformation. Plaintiff and classmembershave also t2 incurred the cost of taking measures identify and safeguardaccountsput at risk by disclosureof the to 1 3 personalinformation stolen from Yahoo, including by purchasingcredit monitoring services. t4 PRAYER FOR RELIEF 15 WHEREFORE, Plaintiff, individually and on behalf of the Class,requeststhat the Court: t6 a. Certifu this caseas a class action on behalf of the class defined above, appoint Jeff Allan T7 as classrepresentative, and appoint his counselas classcounsel; 18 b. Award injunctive and other equitable relief as is necessary protect the interestsof to l9 Plaintiff and other class members; 20 c. Award damagesto Plaintiff and class membersin an amount to be determinedat trial; 2l d. Award Plaintiff and classmemberstheir reasonablelitigation expensesand attomeys' 22 fees; 23 Award Plaintiffand classmemberspre- and post-judgment interest,to the extent 24 allowable; and 25 Award such other and further relief as equity andjustice may require. 26 27 28 CLASS ACTION COMPLAINT
  • 11. I JURY TRIAL 2 Plaintiff demands trial by jury for all issues triable. a so J Dated: Julv31-2012 GIRARD GIBBS LLP 4 5 By: 6 Dylan Hughes 7 Eric H. Gibbs 8 GeoffreyA. Munroe Amy M. Zemarr 9 601California Street, Floor 14tr l0 SanFrancisco, 94108 CA Telephone: (415)981-4800 1l Facsimile:(415)981-4846 t2 Attorneys Plaintiff for l3 t4 l5 16 l7 18 19 20 2l 22 23 24 25 26 27 28 CLASSACTION COMPLAINT