Do you remember the notorious hacker Peace?
Peace is advertising 200 million of alleged Yahoo user credentials (from “2012 most likely,”) on the dark web. Yahoo is aware of the amazing sale but it hasn’t commented yet. The hacker is offering the data for 3 bitcoins (roughly $1,800).
Peace is advertising the Yahoo login credentials on The Real Deal black marketplace, according to Motherboard that reached the notorious hacker, he has been trading the data privately for some time, but only the sale is public.
The Yahoo security team is currently investigating the event, meantime, it urges its users to use strong passwords, use different passwords for different and enable two-factor authentication when it is available.
The records in the dump contain usernames, MD5-hashed passwords, dates of birth, and sometimes backup email addresses.
At the time I was writing is still unclear if data has been stolen from Yahoo, or it has been collated from other major data leaks.
Motherboard obtained by Peace a small sample of the data composed of 5000 records before it was publicly offered for sale. Experts verified the data and found that most of the two dozen credentials still belong to active accounts.
“This was done by going to the login section of Yahoo, entering the email address, and clicking next; when the email address wasn’t recognised, it was not possible to continue.” wrote Joseph Cox from Motherboard.
Cox also added that when Motherboard attempted to contact over 100 of the addresses included in the sample, many returned as undeliverable.
“This account has been disabled or discontinued,” read one autoresponse to many of the emails that failed to deliver properly, while others read “This user doesn’t have a yahoo.com account.”
(Security Affairs – Data Breach, Dark Web)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.