View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Has Yahoo suffered a data breach? 200 million account credentials appear on Dark Web

News: Hacker known as Peace is advertising the credentials on The Real Deal marketplace.

By James Nunns

A data dump of 200 million alleged Yahoo user credentials has hit the dark web.

The hacker known as Peace has started advertising the credentials on The Real Deal marketplace. Peace has previously sold dumps of Myspace and LinkedIn user credentials.

A Yahoo spokesperson said: "We are aware of a claim. We are committed to protecting the security of our users' information and we take any such claim very seriously. Our security team is working to determine the facts.

"Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms."

Motherboard, which first reported the dump, said that it had obtained a small sample of the data and verified that most of the two dozen Yahoo usernames tested did correspond to actual accounts on the service.

However, further tests conducted to attempt to contact over 100 of the addresses in the sample set revealed many returning as undeliverable due to accounts being discontinued, which raises questions as to the validity of the claims by the hacker.

Peace told Motherboard: “well f**k them they don’t want to confirm well better for me they don’t do password reset.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Until Yahoo confirms the breach, or a full dataset is released for verification, it remains possible that the data has been repackaged from other major data leaks.

In a similar fashion to other data leaks like that at Myspace and LinkedIn the records contain usernames, hashed passwords and dates of birth.

Kevin Cunningham, president and founder of SailPoint, said: “Password management is still very much a critical element to an organisations security and risk management programs and one that many organisations are still struggling to get right.

“The most obvious and simple measures are still being overlooked, or often, business users are simply unaware of the potential dangers, which will only get worse as we continue to adopt applications – both cloud and web applications – across the organisation at the rate we have been over the last couple of years, especially without any control or oversight from IT.”?

Currently the credentials are being sold for three bitcoins, which is equivalent to £1,395.

Yahoo has just been acquired by Verizon for $4.8bn following a prolonged debate over what will happen to the struggling internet business.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.