Pixel Envy

Written by Nick Heer.

Yahoo Is Investigating a Possible Leak of 200M Accounts

Joseph Cox, Vice:

On Monday, the hacker known as Peace, who has previously sold dumps of Myspace and LinkedIn, listed supposed credentials of Yahoo users on The Real Deal marketplace. Peace told Motherboard that he has been trading the data privately for some time, but only now decided to sell it openly.

[…]

According to a sample of the data, it contains usernames, hashed passwords (created with md5 algorithm), dates of birth, and in some cases back-up email addresses. The data is being sold for 3 bitcoins, or around $1,860, and supposedly contains 200 million records from “2012 most likely,” according to Peace. Until Yahoo confirms a breach, however, or the full dataset is released for verification, it is possible that the data is collated and repackaged from other major data leaks.

In mid-2012, the login details for around 450,000 Yahoo accounts were publicly leaked. It’s unclear how much overlap there is between this alleged stash of 200 million accounts and those. Even if all of those previously-leaked details were included, that’s still well under 1% of all of the accounts allegedly part of this leak. This year — or, well, decade — really isn’t treating Yahoo very well.