Surprise, surprise, Yahoo has been hacked AGAIN. This time, 200 million Yahoo accounts are supposedly being shopped around for 3 bitcoins, or roughly $1,800 USD.
A hacker known as Peace has listed the alleged credentials of Yahoo users on The Real Deal marketplace. He had been trading the data privately, but decided to go public on the dark web. Peace is also supposedly responsible for selling recent dumps of MySpace and LinkedIn accounts.
Yahoo has yet to confirm the security breach. The company stated, “We are aware of a claim...We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts.”
Peace responded, “Well f***them they dont want to confirm well better for me they dont do password reset.” According to Peace, the data contains usernames, hashed passwords, dates of birth, and backup email addresses dating back to 2012. Until Yahoo confirms the security breach, the exact data will be unknown. It is possible that the data is from other major security breaches and not Peace’s personal handiwork. Motherboard conducted its own test and found that the email addresses they obtained were mostly disabled or discontinued.
Russian hackers broke into 40 million Yahoo accounts this past May. They claimed to have access to 272 million different email accounts and demanded only 50 roubles, or less than one United States dollar for the information. Last August, Yahoo was also the victim of a “malvertising” attack. Hackers purchased ads across Yahoo's various sites and then injected them with malicious code. The malware would then seek out vulnerable versions of Flash to deliver payloads and ultimately take control of a PC.
Yahoo does not automatically perform password resets when hacked. But if you have a Yahoo account, it wouldn't hurt to change your password now just as a precaution.