Yahoo Investigating Possible Breach of 200 Million Accounts
Yahoo is investigating a possible data breach after the usernames, hashed passwords, birth dates and back-up email addresses of nearly 200 million users appeared for sale on the dark web.
Peace, the hacker listing the information, said it may be from a 2012 hack, and is selling the data for three bitcoins (about $1,860).
Yahoo has not yet confirmed or denied the breach. The company told Motherboard that it is aware of the hacker’s claims and that it always works to keep its users safe.
“And we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
Motherboard obtained a sample of 5,000 records and found that most of the information corresponds to actual accounts. However, over 100 of the addresses didn’t work, and the tester received “This account has been disabled or discontinued,” or “This user doesn’t have a yahoo.com account” auto-responses.
The passwords were hashed with MD5, the algorithm Yahoo uses to hash the information. Professor Alan Woodward, a security expert, told the BBC, “The algorithm MD5 is considered to be weak, and for the vast majority of passwords it is easy to reverse what it was using what we call a dictionary attack.”