Privacy News Data of 200 Million Yahoo Users Pops Up for Sale on the Dark Web

Jack

Hacker is asking for $1,800 for the entire data set



A listing has been published today on TheRealDeal Dark Web marketplace, claiming to be offering data on over 200 million Yahoo users.


While Yahoo says it is currently investigating the breach, the listing has almost instant credibility since it's been put up for sale by the infamous Peace_of_Mind (Peace), the same hacker behind many other verified and proven breaches.

If the name still doesn't ring a bell, you should know that Peace previously sold data dumps from sites such as LinkedIn, MySpace, Tumblr, Fling.com, and VK.com. In total, this hacker sold the personal details of over 800 million users, and probably more.

Data breach dates back to 2012

According to the listing's descriptions, Peace says the data is old, approximately from 2012, the same year when Marissa Mayer was named Yahoo's CEO. Back in 2012, the hacker group D33ds Company reported hacking Yahoo, but the company admitted to only losing 450,000 user records during the incident.

Last week, Yahoo was acquired by Verizon for $4.8 billion. Since nobody knows Verizon's plan for Yahoo, the hacker's probable plan is to monetize the user accounts before they lose any more value, in case Verizon decides to ditch them or integrate them into other services.

In a conversation with Softpedia about his recent Dark Web listing, Peace told your reporter that "I am not aware when Marissa Mayer started working, however in 2012 is when the database was dumped by [the] same [R]ussians of linkedin, vk, tumbr etc etc. [B]asically anything I sell is from the group."

Read more: Data of 200 Million Yahoo Users Pops Up for Sale on the Dark Web
 

omidomi

source: 200 million Yahoo passwords being sold on the dark web?
A notorious cybercriminal is advertising 200 million alleged Yahoo user credentials on the dark web, and the company has said it is “aware” of the hacker’s claims, but has neither confirmed nor denied the legitimacy of the data.

On Monday, the hacker known as Peace, who has previously sold dumps of Myspace and LinkedIn, listed supposed credentials of Yahoo users on The Real Deal marketplace. Peace told Motherboard that he has been trading the data privately for some time, but only now decided to sell it openly.

When a hacker advertises a huge hoard of login details for sale there are often more questions than answers:

  • How many (if any) of the credentials are legitimate? There may be 200 million-or-so being sold, but that doesn't mean you'll be able to break into 200 million accounts.
  • What is the origin of the data? Has the data been collected through phishing attacks? Or has the data been collated from the mega breach of another online service (like LinkedIn or MySpace), and just evidence that yet again folks have made the mistake of reusing passwords?
  • Are the credentials for current accounts or for old, stale accounts that may have been closed down or had their passwords changed long ago?
  • Is there any evidence of a security breach at Yahoo that could have resulted in login credentials spilling out? (This would be most worrying, but thankfully seems least likely)

Not all of these questions are necessarily easy to answer with absolute certainty.

But what is clear is that your Yahoo account will be a lot safer if you have enabled two-step verification and have learnt to never reuse passwords.

If you're not being sensible about your online security, take appropriate steps now to harden your Yahoo account. Because even if this current scare ends up not impacting your account, there is always the danger that you could become a victim in the future.
 

jamescv7

As users, we are responsible for maintaining and improving security, because those service providers already exert effort, especially when breach attacks come out of nowhere.

UPDATE [August 2, 2016]: We were made aware of a similar report on Peace's Yahoo listing from Motherboard. The publication received a batch of 5,000 Yahoo credentials from Peace, and after testing a few, they found that a large batch of the data belonged to abandoned email accounts. This is consistent with a Yahoo announcement from 2013, when the company decided to deactivate inactive accounts and even free up inactive IDs for re-registration. This doesn't mean Peace's data is fake.

Softpedia has also acquired a supposed copy of the Yahoo! Voice breach by D33Ds Company from 2012, thanks to @Cyber_War_News. Preliminary tests carried out by Cyber War News showed no connection between Peace's sample data and the 2012 data. We'll update the article when our own analysis concludes.

In case you miss it, direct from the updated article.
 
