An advert for the email addresses and passwords of 200 million Yahoo accounts has popped up on the dark web, offering the data for sale for about $2,000.
Advertisement
First reported by Motherboard, the data is allegedly being sold by Peace – a renowned hacker responsible for MySpace and LinkedIn breaches – for three bitcoins, equivalent to approximately $1,860. Earlier, the hacker sold login credentials for Linked and Tumblr users. Numerous leaked accounts also contain usernames, hashed passwords, dates of birth, and even back-up email addresses. The website also tested around two dozen Yahoo usernames, but in many cases was told that those accounts don’t exist, suggesting that this data is old and at least somewhat outdated. “Finally, reset your online service passwords such as your bank, if you think your email may have been compromised, since many SaaS apps use email to confirm password changes”.
It’s unclear if the Yahoo login credentials came from a stolen company database or were obtained though some other hacking method.
Nobody knows yet how Peace managed to access all of this information, although, he claimed in an interview with Wired that “all these [organizations] have been hacked through [a now disbanded] team”.
A notorious hacker named “Peace” appears to be behind the hack, the latest in a series of attacks to hit major social networks.
Yahoo said it urges users to create strong, unique passwords but also points them to Account Key. The cache supposedly contains usernames, passwords, and dates of birth, and appear to be hashed by the md5 algorithm, Motherboard reports. “When it comes to Yahoo accounts, the database most likely comes from 2012”.
Amid news of data breaches happening just about everywhere at a staggering pace, it would seem that infamous hacker Peace is at it again. When the reporter attempted to contact the breached accounts, however, numerous emails were returned as “undeliverable”.
Yahoo said in a statement it is “working to determine the facts”.
Advertisement
Brendan Rizzo, technical director for EMEA at HPE Security, said the incident underlined the lengths hackers will go to in order to get the data they want, meaning all users should be on their guard.
