A data dump of 200 million alleged Yahoo user credentials has hit the dark web.
The hacker known as Peace has started advertising the credentials on The Real Deal marketplace. Peace has previously sold dumps of Myspace and LinkedIn user credentials.
A Yahoo spokesperson said: "We are aware of a claim. We are committed to protecting the security of our users' information and we take any such claim very seriously. Our security team is working to determine the facts.
"Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms."
Motherboard, which first reported the dump, said that it had obtained a small sample of the data and verified that most of the two dozen Yahoo usernames tested did correspond to actual accounts on the service.
However, further tests conducted to attempt to contact over 100 of the addresses in the sample set revealed many returning as undeliverable due to accounts being discontinued, which raises questions as to the validity of the claims by the hacker.
Peace told Motherboard: “well f**k them they don’t want to confirm well better for me they don’t do password reset.”
Content from our partners
Until Yahoo confirms the breach, or a full dataset is released for verification, it remains possible that the data has been repackaged from other major data leaks.
In a similar fashion to other data leaks like that at Myspace and LinkedIn the records contain usernames, hashed passwords and dates of birth.
Kevin Cunningham, president and founder of SailPoint, said: “Password management is still very much a critical element to an organisations security and risk management programs and one that many organisations are still struggling to get right.
“The most obvious and simple measures are still being overlooked, or often, business users are simply unaware of the potential dangers, which will only get worse as we continue to adopt applications – both cloud and web applications – across the organisation at the rate we have been over the last couple of years, especially without any control or oversight from IT.”?
Currently the credentials are being sold for three bitcoins, which is equivalent to £1,395.
Yahoo has just been acquired by Verizon for $4.8bn following a prolonged debate over what will happen to the struggling internet business.
