Yahoo probing online hack involving 200mn accounts

CIOL Writers
New Update
CIOL Yahoo probing online hack involving 200M Accounts

Nations across the globe are witnessing an alarming rise in cyber crimes. However, this time, it’s the search engine Yahoo that is at the receiving end of a major hack.


A hacker has put up for sale a cache of what's alleged to be 200 million stolen Yahoo user account credentials and the Internet company says that it has started investigating the matter, claiming that it is taking the breach "very seriously".

On Monday, the hacker known as Peace, who had previously sold dumps of 117 million LinkedIn account details, 65 million Tumblr emails, and 360 million MySpace credentials , listed supposed credentials of Yahoo users on The Real Deal marketplace. The listed accounts –which are believed to be stolen back in 2012 - contain usernames, passwords, and dates of birth, and appear to be hashed by the md5 algorithm -are up for sale for three Bitcoins i.e. around $1,860.

Motherboard, which covered the story, was personally supplied with a small number of accounts from Peace and found that most of the Yahoo usernames tested did correspond to actual accounts on the service. Motherboard's report stated, "When attempted to contact over 100 of the addresses in the sample set, many returned as undeliverable. This account has been disabled or discontinued,' read one autoresponse to many of the e-mails that failed to deliver properly, while others read 'This user doesn’t have a account.'"


A Yahoo spokesperson confirming that the company is aware of this data breach, and is investigating it, said, "We are aware of the claim. We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”

This data is especially useful for phishers who look to monetize through illegitimate ways. If the hacker's claim is real, affected users can expect password reset links to be sent to them at some point.

yahoo cybercrime