Finding out that a business you’ve trusted with your email, searches, and login information—possibly for more than ten years—has been compiling a comprehensive profile of your identity, purchases, online activities, and TV viewing habits is subtly unsettling. Until a lawsuit comes to light, most people are unaware. And that has occurred multiple times with Yahoo.
Unbeknownst to most users, the Yahoo class action lawsuit has a longer history. A significant $117.5 million settlement was reached in a lawsuit related to a number of data breaches that happened between 2012 and 2016, impacting users who were residents of Israel or the United States and had Yahoo accounts during that time. The breaches were severe; malicious actors gained access to systems, and personal information was stolen in multiple cases. Credit monitoring services, alternative cash payments of up to $100 (and occasionally more, depending on participation levels), and reimbursement of up to $25,000 for documented out-of-pocket losses were all provided by the settlement to impacted users. Included were premium Yahoo Mail subscribers and small business owners who utilized Aabaco services.
For a while, it appeared as though the situation was headed toward some sort of conclusion. Both Orange County Superior Court and the Northern District of California courts were involved. As is always the case with cases of this magnitude, the legal system moved slowly. However, the tale didn’t stop there. With tech companies, it seldom does.
A new lawsuit was filed in April 2025, and it raises issues that are even more unsettling than a data breach. According to this lawsuit, Yahoo created ConnectID, an email-based identifier that was introduced in 2020 and intended to track users across websites, apps, and devices without the need for conventional cookies. It’s important to note the timing. According to the lawsuit, Yahoo discovered a workaround as mobile platforms and browsers started limiting third-party cookies in the name of privacy. A user is given a ConnectID linked to their email address when they log into Yahoo Mail, Yahoo Sports, AOL, TechCrunch, or any of a variety of partner services. According to the lawsuit, that ID then tracks them through almost 50,000 publisher domains. Many users might be unaware that this is taking place. Perhaps the most concerning aspect is that.
According to the lawsuit, Yahoo assembled what is described as a massive pool of profile data covering at least 300 million users by combining data from ConnectIDs with information from its own websites, subsidiaries, advertising products, and AI systems. A “highly profitable” advertising operation, according to the case, is fueled by browsing habits, purchase history, location patterns, and viewing behavior. The complaint is straightforward: users were not meaningfully informed that this tracking was taking place, nor did they give their consent.
As this develops, there’s a feeling that the Yahoo lawsuit is a part of a larger online reckoning. In years when there was little public awareness and little regulation, businesses built entire business models around data collection. These models are currently being investigated in court.
The Yahoo Class Action Lawsuit 2026 is significant because it addresses a genuine issue: the subtle deterioration of the notion that your online life is, at least partially, your own. It is unclear if the courts will ultimately decide in the plaintiffs’ favor. However, the case is a signal in and of itself. Now, users are paying attention. Judges are becoming more and more like this.
