After a hacker going by the name of Peace put up for sale a cache of what’s alleged to be 200 million stolen Yahoo user account credentials earlier this week, the Internet company says it has started investigating the matter, claiming that it is taking this breach “very seriously”.
Peace has listed an advert on the TheRealDeal marketplace claiming that about 200 million Yahoo accounts are up for sale for three Bitcoins (roughly Rs. 1,07,000). The cache supposedly contains usernames, passwords, and dates of birth, and appear to be hashed by the md5 algorithm, Motherboard reports. The hacker has also submitted a way to unscramble the hashed credentials as well, and claims the cache contains records that are from “2012 most likely.”
Yahoo has confirmed that it is aware about this data breach, and is investigating it. “Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms,” the company told Motherboard.
Peace is also known for selling data dumps of other major tech companies like MySpace and LinkedIn. This data is especially useful for phishers who look to monetize through illegitimate ways. Motherboard got hold of a small sample of 5000 Yahoo accounts, and when it tested about a hundred of them; it found out that most IDs seem to be inactive, disabled, or discontinued.
Because of this, it’s being speculating that either the data is too old to be considered valuable or the advert is just fake. Yahoo gave away very little about the investigations and only said that it was “working to determine the facts”. If real, affected users can expect password reset links to be sent to them at some point.
Verizon recently bought Yahoo’s core business for $4.83 billion (roughly Rs. 32,500 crores). Yahoo will be rolled into Verizon’s AOL operations and CEO Marissa Meyers will be working again with AOL CEO Tim Armstrong, who worked with Mayer at Google for years and tried unsuccessfully to convince her to combine the two companies when they both remained independent.