Breach, Data Security

Hacker “Peace” purportedly selling 200 million Yahoo user credentials on dark web

Yahoo and the company's users may be facing a data breach of epic proportions if a hacker who claims to be hawking 200 million Yahoo account credentials is proven true.

A hacker who goes by the name Peace told Motherboard he was selling the account information on The Real Deal Marketplace located on the dark web. Peace is charging 3 bitcoins, or about $1,800 for the data that Motherboard said contains usernames, hashed passwords, dates of birth and some back up email addresses.

“We are aware of a claim. We are committed to protecting the security of our users' information and we take any such claim very seriously. Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms," a Yahoo spokesperson told SCMagazine.com in an emailed statement.

Adam Levin, chairman and founder of IDT911, commented to SCMagazine.com in an email that, “ While Yahoo has not confirmed that the data being sold consists of real user credentials, it hasn't denied it either. This is an ominous sign – especially in light of the recent Myspace and LinkedIn compromises.”

Peace has also been linked to the sale of data dumps of LinkedIn and MySpace data.

Yahoo claims to have 1 billion active monthly users.

Levin added that Yahoo account holders should be vigilant and even though Yahoo has not reset its user's passwords those people should move ahead and do so on their own.

The news of the possible breach comes just one week after Yahoo announced its operating business was being acquired by Verizon fr $4.3 billion.

Updated to include Yahoo's statement.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.