- Credentials for 200m alleged Yahoo accounts being sold for 3 bitcoins
- This translates to about $1,860, and data reveals usernames and birth date
- Tests of a sample set show some usernames correspond to real accounts
- But, Yahoo has neither confirmed nor denied the hacker's claims
A cybercriminal known as ‘Peace’ has listed the credentials for 200 million alleged Yahoo accounts for sale on the dark web.
Samples of the data reveal usernames and dates of birth, along with other bits of personal information – and the massive set is being sold for just 3 bitcoins, roughly $1,860.
Yahoo has neither confirmed nor denied the claims, and many users may now want to change their passwords.
The hacker posted the listing on The Real Deal marketplace on Monday, Motherboard reveals, after first trading it privately.
This same cybercriminal has previously sold data from Myspace and LinkedIn.
According to Motherboard, who was able to obtain 5,000 records, many of the usernames tested correspond to real Yahoo accounts.
But, attempts to contact more than 100 of these resulted in messages returned as undeliverable, indicating that the account had either been disabled, or did not exist on the platform.
Yahoo has said it is aware of the claims, but the firm has not revealed whether this dataset is legitimate.
‘We are aware of a claim,’ a Yahoo spokesperson told Motherboard in an email.
‘We are committed to protecting the security of our users’ information and we take any such claim very seriously.
'Our security team is working to determine the facts.
‘Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.’
Without confirmation or the release of the full dataset, it remains unclear when these records are from, and if this marks a new or legitimate data breach.
The hacker has told Motherboard that the dataset is from ‘2012 most likely.’
But, the information could have been taken from earlier leaks.
The recent scare comes just months after it was found that Russian hackers were trading hundreds of millions of stolen usernames and passwords belonging to Gmail, Hotmail, and Yahoo accounts.
Details of 40 million Yahoo Mail users, 33 million Hotmail users and 24 million Gmail accounts were in the data being traded.
The breach revealed in May is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major US banks and retailers two years ago.
The increasing threat of cybercriminals has prompted many companies, including Facebook and Netflix, to urge their customers to change their login details if they find matching credentials with other sites.
Post a Comment