Yahoo’s historic hack has finally been brought to a close.
The beleaguered internet firm has agreed to pay $50 million in damages as a result of a data breach that hit some 1 billion accounts, affecting approximately 200 million people.
As a result of the settlement, Yahoo will also provide two years of free credit-monitoring services to those people, whose email addresses and other personal information were stolen as part of the biggest security breach in history.
Scroll down for video
Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to about 200 million people in the U.S. and Israel whose email addresses and other personal information were stolen as part of the biggest security breach in history.
The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren’t disclosed until 2016.
In addition to email addresses, users’ birth dates, names and telephone numbers were stolen, among other things.
Yahoo, which is now owned by Verizon, later discovered that all 3 billion of its users had been affected by the breach – several billion more than it initially thought.
The settlement reached in a San Francisco court covers about 1 billion of those accounts held by an estimated 200 million people.
Some of the hackers were believed to be state-sponsored actors from Russia.
Yahoo still hasn’t figured out what intrusion led to the attack.
The breach that hit 3 billion users was revealed as Yahoo completed its integration with Verizon. Once the deal closed, then-CEO Marissa Mayer (pictured) stepped down
However, the company maintains that users passwords, credit card numbers and bank account information was not stolen as a result of the breach.
It wasn’t until 2017 that Yahoo revealed all 3 billion of its users had been hit by a data breach.
Yahoo is now part of a Verizon unit called Oath. Once the deal was closed, then-CEO Marissa Mayer stepped down.
Mayer was not paid her 2016 bonus, worth as much as $2million, nor her 2017 equity grants as a result of the hacking incidents.
YAHOO’S 2014 MEGAHACK
Yahoo began looking into the hack in August 2014.
That was before it was officially announced in 2016 that a 2014 attack had hit its systems.
It compromised the names, email addresses, telephone numbers, birthdays, encrypted passwords and security questions of its users.
The internet firm said it learned of the breach in the summer of 2016 while investigating claims of a separate intrusion, but it has not provided a specific timeline of events.
The data breach is still under investigation, and FBI officials confirmed there were signs of a ‘state-sponsored’ attack.
In court papers, Yahoo had argued that the breaches were ‘a triumph of criminal persistence’ by a ‘veritable ‘who’s who’ of cybercriminals’ and that no security system is hack-proof.
Last year, the US Department of Justice charged two officers of the Russian Federal Security Service and two hackers in connection with the second breach in late 2014.