Credentials from 200 Million Yahoo Accounts Reportedly for Sale Online

A hacker who has previously offered to sell user data from MySpace and LinkedIn on the Dark Web is reportedly now shopping around the credentials of 200 million Yahoo users.

The cyber thief, who goes by the name "Peace," is seeking to sell the Yahoo data for three bitcoins (a little over $1,730), according to a report yesterday by Motherboard. Peace is quoted as saying that the information, which "most likely" dates to 2012, includes usernames and hashed passwords, along with dates of birth, among other data.

"We are aware of a claim," a Yahoo spokesperson told us by email today. The spokesperson said the company's security team "is working to determine the facts." She added that Yahoo advises people to protect their account information by using strong passwords or "give up passwords altogether by using Yahoo Account Key."

The news that this breached data up for sale comes just a week after Verizon announced it would be acquiring Yahoo for $4.83 billion. The transaction is expected to close early next year.

'Glut' of Stolen Credentials for Sale

This latest Dark Web offer continues an ongoing "yard sale" of stolen credentials, Christopher Budd, the global threat communications manager at the security firm Trend Micro, told us today.

"There's been an emerging trend over the past four to six months of [large amounts of data] sold for low, low prices," Budd said. "It's reflecting a glut in terms of quantity." There's recently been such an oversupply of stolen credentials that prices have not only plateaued, but are now dropping, he said.

While there will likely always be a market for stolen user credentials at some price, more innovative hackers will increasingly turn to higher-value data such as credentials for Uber or onling gaming sites, Budd added. Email credentials will also continue to hold value...

Comments are closed.