Yahoo! was hacked multiple times in the 2010’s. In the worse case, literally every single account was compromised. If you had opened a Yahoo! account before 2016 your info — including your password — is available on the Dark Web.

Yahoo! is working on winding down the class action lawsuit against it. For US and Israeli consumers with Yahoo! accounts during the hacked times 2 years of credit monitoring is available.

Breaches listed from the settlement notification:

  • 2012 Data Security Intrusions: From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems.  The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems.
  • 2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts.
  • 2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.
  • 2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts.