Yahoo is currently probing the legitimacy of a data breach, following reports of over 200 Million user accounts being sold on the dark web. The accounts are being sold by a hacker who has previously stolen and sold user accounts from both LinkedIn and MySpace.
The details of the sale were initially reported by Vice’s Motherboard and show that the data contains usernames, passwords, dates of birth for individuals as well as well as back up addresses for various users with most of the data from 2012. The hacker wants 3 bitcoins (Kshs. 185,000) for the data dump. According to BBC, the user password is hashed using the MD5 algorithm which makes them scrambled. However, the hacker is also issuing a guide on how the hash algorithm works.
Motherboard tested a sample of the data and found that most of the usernames tested did not correspond to accounts of the service which may lead to the questioning of the authenticity of the breach. On its part, Yahoo has said its investigating the claims stating its taking them seriously and working to verify the authenticity. In a statement to Motherboard, the company said “Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.” Following up on this story and will keep you posted as it emerges.