Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web.
The hacker, who goes by the pseudonym “Peace” or “peace_of_mind,” has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824).
The leaked database includes usernames, MD5-hashed passwords and date of births from 200 Million Yahoo! Users. In some cases, there is also the backup email addresses used for the account, country of origin, as well as the ZIP codes for United States users.
Since the passwords are MD5-encrypted, hackers could easily decrypt them using an MD5 decrypter available online, making Yahoo! users open to hackers.
In a brief description, Peace says the Yahoo! database “most likely” comes from 2012, the same year when Marissa Mayer became Yahoo’s CEO.
Although the company has not confirmed the breach, users are still advised to change their passwords (and keep a longer and stronger one and enable two-factor authentication for online accounts immediately, especially if you are using the same password for multiple websites.
Just last week, Verizon acquired Yahoo! for $4.8 Billion. So, the hacker decided to monetize the stolen user accounts before the data lose its value.
When reached out, the company said in a statement:
“We are committed to protecting the security of our users’ information and we take such claim very seriously. Our security team is working to determine the facts…we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”