Yahoo, the former web giant that once allegedly passed up the opportunity to buy both Google and Facebook, and was sold to Verizon last week for a fraction of what it was once worth, is investigating a possible huge data breach of its users credentials.
The hacker known as ‘Peace’ has listed the alleged account details for 200 million Yahoo users for sale on the Dark Web for the bargain price of 3 bitcoins, an amount equivalent to just under US$2000.
The same hacker has been previously linked to the sale of huge tranches of user details from other sites such as MySpace and LinkedIn. ‘Peace; stated that the data for sale was most likely to have come from 2012.
The data was uploaded to The Real Deal site and is said to include details such as usernames dates of birth, and in some instances, back up email addresses, and for US users, their zip codes.
Yahoo who initially refused to comment on the news, later released a statement:
“We are committed to protecting the security of our users’ information and we take such claim very seriously. Our security team is working to determine the facts…we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
Account information obtained by Motherboard has found that some of the hacked data is real at least. The first 24 accounts they tested did correspond to real Yahoo accounts. However, when they attempted to contact the users they either received ‘undeliverable’ messages or auto responses with “This account has been disabled or discontinued,” indicating that ‘Peace’s’ claim that the data came from around 2012 was at least accurate.
Security experts have urged any user who has, or even used to have a Yahoo account to log in, change their passwords or disable their account.