The personal data of 200 million Yahoo users was reportedly stolen in a hack back in 2012. The hacked data is now said to be up for sale on the TheRealDeal dark web marketplace. The breach hasn't been officially confirmed; however, Yahoo is looking into it. The data dump is being sold by a hacker known as Peace_of_Mind, a name connected to other security breaches, including those of LinkedIn, MySpace, Tumblr, Fling.com, and VK.com.
What Do We Know About the Attack on Yahoo?
The hack dates back to 2012, the same year Marissa Mayer was named CEO of the company. Four years is a long time. Why did the hacked data surface on the market now? The reason might be the recent acquisition of Yahoo by Verizon.
What was stolen in the Yahoo breach?
The data is being sold for 3 Bitcoin (around $1,800). The stolen information can include:
- MD5-hashed passwords
- Birthdates of users
Other information that may have been stolen includes backup emails, the users' countries of origin, and ZIP codes.
MD5 is a hashing algorithm, not encryption, and MD5-hashed passwords are pretty easy to crack nowadays, making the passwords pretty much open.
Softpedia has contacted Yahoo about the attack. Their response is quoted below:
We are aware of a claim. We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.
How Dangerous Was the Yahoo Hack?
Well, considering that the information is pretty old, it's likely that this breach isn't that much of a threat. Furthermore, a large chunk of the stolen data belongs to abandoned accounts. This doesn't mean that the attack is harmless, however. The stolen information can still be relevant to a lot of people. It's advisable to change your Yahoo password if you have an account there.
A Game of Hacks
Considering Peace_of_Mind was involved in other big hacks, the Yahoo hack is likely genuine. Some estimates claim that the number of user accounts hacked by Peace can be as high as 800 million. The hacker claims to have made tens of thousands of dollars from the security breaches. It's likely that the numbers are going to get higher.