Did you have a Yahoo account between 2012 and 2016?

3 billion Yahoo accounts compromised across multiple breaches (every account in existence)

$117.5M final class action settlement fund

2012 to 2016 years of the multiple breaches

Up to $25K reimbursement cap for documented out-of-pocket losses

Why this is real and why it matters now

Between 2012 and 2016, Yahoo's databases were compromised in two of the largest breaches in internet history. Every Yahoo account in existence at the time — about 3 billion — had email addresses, passwords, security questions, and birth dates exposed. The settlement provides credit monitoring (1+ years), reimbursement up to $25,000 for documented losses, and small cash payments.

Yahoo disclosed in 2016 and 2017 that two of the largest breaches in internet history occurred between 2012 and 2016, compromising essentially every Yahoo account: names, email addresses, passwords, security questions, and birth dates of about 3 billion accounts. The disclosures led Verizon to renegotiate its acquisition price for Yahoo's core business.

A $117.5 million class action settlement received final approval in 2019-2020. It paid free credit monitoring through AllClear ID, reimbursement of documented out-of-pocket losses up to $25,000, time-spent reimbursement at $25/hour, and a small cash alternative. The claim filing window closed July 20, 2020; this matter remains primarily a historical record for breach-affected users.

What you might receive. documented identity-theft losses pay up to $25,000; out-of-pocket time reimbursement at $25/hour (up to 15 hours); free credit monitoring is included.

The evidence

What was breached, what was paid, and where the matter stands now:

3 billion accounts compromised in two of the largest breaches in history Yahoo disclosed in 2016 and 2017 that breaches between 2013 and 2014 had affected every Yahoo account in existence: about 3 billion accounts globally. Yahoo Disclosures (2016 to 2017), SEC Filings
U.S. indicted Russian FSB officers for the breach The Department of Justice indicted four individuals (including two Russian FSB officers) for the 2014 breach of 500 million Yahoo accounts. U.S. Department of Justice (Mar 2017)
$117.5M class action settlement Final approval in 2019 to 2020 of a $117.5M fund providing free credit monitoring, documented-loss reimbursement up to $25,000, time-spent reimbursement at $25/hour, and a small cash alternative. Final Approval Order, Yahoo Data Breach Litigation
Claim filing window has closed The deadline to file new claims was July 20, 2020. New claim filings are no longer accepted. Settlement Administrator Notice

How this case got here

2012 to 2014 Multiple breaches of Yahoo's databases occur.
Sept 2016 Yahoo discloses a breach affecting about 500 million accounts.
Dec 2016 to Oct 2017 Yahoo revises the figure: all 3 billion accounts were affected.
Mar 2017 U.S. DOJ indicts Russian FSB officers and accomplices for the 2014 breach.
April 2019 $117.5M class action settlement is announced.
July 2020 Claim filing deadline. Window closes for new filings.

Where the Yahoo settlement stands now

2012 to 2014 Breaches occur Yahoo's databases are compromised in two of the largest breaches in internet history. Every Yahoo account in existence (about 3 billion) is affected.
Sept 2016 First public disclosure (500M accounts) Yahoo discloses a 2014 breach affecting at least 500 million accounts. Verizon, which was acquiring Yahoo's core business, renegotiates the deal price.
Dec 2016 to Oct 2017 Revised figure: 3 billion accounts Yahoo and Verizon revise the breach scope: all 3 billion accounts that existed were affected.
Mar 2017 DOJ indicts Russian FSB officers The U.S. Department of Justice indicts four individuals (including two Russian FSB officers) for the 2014 breach of 500 million Yahoo accounts.
April 2019 $117.5M class action settlement Settlement reached for $117.5M, providing free credit monitoring, documented-loss reimbursement, time-spent reimbursement, and a small cash alternative.
July 20, 2020 Claim filing deadline Final deadline to file claims under the $117.5M settlement. New claim filings are no longer accepted.

Who qualifies

You likely qualify if

You had a Yahoo, Yahoo Mail, Flickr, or Tumblr (under Yahoo) account between 2012 and 2016
You filed a claim before July 20, 2020

Worth checking if

You were affected and never filed (the window has closed; check the settlement site for any extended status)

You probably don't qualify if

You never had a Yahoo-family account
You missed the July 2020 deadline and have no pending claim

Had a Yahoo account between 2012 and 2016?

The settlement claim window closed in July 2020. The eligibility check above confirms whether you were in the class and what historical record may still be useful.

Check eligibility →

What the Yahoo settlement provided

All claim windows closed in 2020. The breakdown of what the $117.5M settlement paid:

Diagnosis or claim type	Projected payout range	What drives the tier
Documented identity-theft loss reimbursement	Up to $25,000	Window closed July 2020. Out-of-pocket costs from identity theft or fraud tied to the breach, with documentation.
Time-spent reimbursement	$25 per hour (up to 15 hours)	Window closed July 2020. Time spent dealing with breach-related identity issues.
Free credit monitoring (AllClear ID)	2 years	Enrollment closed. Active enrollees received coverage for the program's duration.
Cash alternative payment	Small pro-rated amount	Window closed July 2020. Originally up to $358.80 floor, sharply reduced because of high claim volume.
Paid-user account credit	25% of certain subscription fees	Window closed July 2020. For paid Yahoo Premium subscribers during the breach years.

All windows closed in 2020. The figures above reflect what was paid to claimants who filed before the deadline.

What to do now (post-deadline)

1

Treat your old Yahoo data as exposed

If you had a Yahoo, Yahoo Mail, Flickr, or Tumblr (under Yahoo) account between 2012 and 2016, your email address, password (hashed), security questions, and birth date were exposed. Even if you no longer use the account, the data is in circulation.
Background context, no action.
2

Reset any passwords still tied to that era

If you reuse passwords from your Yahoo era, change them. Enable two-factor authentication on accounts that still use that email. Security-question answers from that era should be considered compromised.
30 to 60 minutes for a thorough password reset across reused accounts.
3

Monitor for ongoing identity-theft activity

Sign up for free credit-bureau alerts. Consider a credit freeze (free in all 50 states) if you have not already.
Free, 15 to 30 minutes per credit bureau.
4

Document any future identity-theft costs

If you experience new identity theft you believe stems from breach-related fraud, save the records. While the Yahoo claim window is closed, state-law consumer-protection statutes may apply.
Ongoing.

Important dates for the Yahoo settlement

All claim windows for the $117.5M settlement closed in 2020. The settlement itself is closed; ongoing identity-theft risk continues.

All claim windows closed July 20, 2020.
Credit-monitoring enrollment closed when claim filing closed.
If you experience new identity-theft costs from breach-related fraud, separate state-law remedies may apply.
California (CCPA), Washington (My Health My Data Act, where applicable), and several other states have additional consumer-protection statutes that can support follow-on claims.

The Yahoo settlement is closed. The eligibility check above confirms breach inclusion (helpful for any state-law follow-on analysis) and routes you to identity-theft monitoring resources.

About the settlement and ongoing risk

claimscout is not the settlement administrator and is not a law firm. The Yahoo settlement is closed; what remains is risk management for exposed data.

Settlement closed: The official administrator (formerly at yahoodatabreachsettlement.com) processed claims through July 2020.
Verizon ownership history: Yahoo's core business was acquired by Verizon in 2017 and is now part of Yahoo Inc. (a separate entity). Legal liability for the breach pre-dates current ownership.
Ongoing risk: Exposed email addresses, password hashes, security questions, and birth dates do not expire. Treat your Yahoo-era data as compromised and act accordingly.
Direct identity-theft help: The FTC's identitytheft.gov is the central federal resource for identity-theft recovery.

claimscout is not affiliated with Yahoo, Verizon, the settlement administrator, the FTC, or any state attorney general's office. We provide informational matching only.

Common questions

Can I still file a claim?

No. The claim filing deadline was July 20, 2020. New claims are no longer accepted under the $117.5M settlement.

How do I know if my account was affected?

If you had any Yahoo, Yahoo Mail, Flickr, or Tumblr account between 2012 and 2016, your account was almost certainly in the breach. Yahoo confirmed in 2017 that all 3 billion accounts were affected.

What was actually exposed?

Names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers. Some bank account and payment-card data was also exposed in certain account sets.

What if I never used my Yahoo account again?

The data was exposed regardless of whether you continued using the account. If you reused the password or security-question answers elsewhere, the risk extends to those other accounts.

Were the perpetrators ever caught?

The DOJ indicted four individuals in March 2017, including two Russian FSB officers, for the 2014 breach. One co-conspirator was later sentenced in U.S. court.

What should I do now?

Treat any password or security-question answer you used in your Yahoo era as compromised. Reset them on accounts where you reused them. Activate two-factor authentication where possible.

Is my data still at risk in 2026?

Yes, especially if you reused passwords or security questions. Stolen credentials are still actively traded; account-takeover attacks against accounts that share your old Yahoo credentials remain a live risk.

Is claimscout the official administrator?

No. The original administrator (at yahoodatabreachsettlement.com) closed claims in 2020. claimscout is an informational matching service.

What does this cost me?

Nothing. We get paid by the law firms or affiliate fees from the court-appointed administrator. You pay zero up front and zero out of any payout you receive.

Will lawyers spam-call me?

Only if you check the consent box. We give you the choice. If you do not consent, your claim is captured and we route it to the administrator directly without sharing your phone number.

Can I file directly without you?

Yes, always. If we route your claim to a law firm, you can choose to file directly with the same firm or pick a different one. We exist because most people throw the notice letter away. We make it not happen.

Is claimscout a law firm?

No. We are not a law firm and do not provide legal advice. We are a platform that captures your claim, qualifies it, and routes it to the court-appointed administrator or a law firm of your choice.