Yahoo! is facing a lawsuit following its disclosure last month that hackers stole 450,000 unencrypted email addresses and passwords of its members.
The suit was filed July 31 by a US user and victim Jeff Allan who alleged in the complaint that Yahoo! didn't properly protect his personal information, and sought unspecified compensation for himself and other affected users, according to a Bloomberg report.
In a blog post last month, the web giant said the intruders accessed a "standalone file" that contained the login data used by writers who joined Associated Content prior to May 2010, the month when Yahoo! acquired the company for $100 million.
Now called Yahoo! Contributor Network, the business unit specializes in producing freelancer-generated, search-optimized content.
The hackers, which claimed to be part of a relatively unknown contingent known as "D33ds Company," likely obtained the information in clear text through a SQL injection attack, a common technique used to infiltrate vulnerable web applications.
Yahoo! has since closed the vulnerability that led to the breach. A spokesperson could not be reached for comment at the time of publication.
Lawsuits following breaches are commonplace, but often the plaintiffs find little recourse unless they can prove actual harm.