Hacker claims to have 200 million Yahoo credentials for sale
A hacker is selling what they claim to be 200 million Yahoo users’ account credentials on the Dark Web. The data reportedly includes usernames, passwords, dates of birth and for some records the back-up email addresses supplied as part of the sign-up process.
According to Motherboard, the cyber criminal behind the alleged breach is Peace – the hacker who previously broke into MySpace and LinkedIn.
The seller claims the data is likely from 2012, and has put the considerably-sized database up for sale on The Real Deal for three Bitcoins (£1,370).
Yahoo said it was aware of the claim and was investigating.
“We are committed to protecting the security of our users’ information and we take any such claim very seriously,” it told Motherboard.
“Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
Security experts said the risk posed to potentially affected users shows the need for them to use security measures beyond a username and password.
“This year has seen a huge number of compromised user credential breaches from big companies,” said James Romer, chief security architect for Europe at SecureAuth.
“Last week it was O2, this week the alleged credentials belong to customers of Yahoo. But LinkedIn, Twitter and the National Childbirth Trust have all apeared on the 2016 hit list.
“It’s estimated that around 60 per cent of fraudulent cyber crimes are committed using stolen credentials, and we say time and again, having a simple password and username login process is not enough with the advances in cyber crime and the increasing value of personal data.”
He added that more firms should offer users the option to use unique behavioural identifiers to log into their accounts, meaning that their passwords are not open to fraud and stolen credentials cannot be reused.