A listing published on the popular Dark Web marketplace Real Deal offered for sale the data of more than 200 million Yahoo users.
According to various media reports, Yahoo said that it is investigating the breach, but the listing made available by the infamous hacker Peace_of_Mind (Peace) confirmed the incident.
This is the same hacker who sold data dumps from other prominent online networking sites such as LinkedIn, MySpace, Tumblr, Fling.com, and VK.com.
One report pointed out that the hacker has allegedly sold credentials of over 800 million users.
While the listing was discovered only recently, the hacker suggested that the data is old and dates back to 2012, when the company fell victim to a major breach conducted by the hacker group D33ds Company.
Following Verizon’s acquisition of Yahoo, the hacker's probable aim seems to be to make some money by selling the accounts in case the existing accounts are put to rest or integrated into other services.
The entire data set has been put up for sale by the hacker for 3 Bitcoin, which is approximately $1,800. The sample provided by Peace included valuable information such as usernames, MD5-hashed passwords, and other personal information.
Even though the passwords are hashed, it should be noted that MD5-hashed passwords can be cracked easily.
However, when Yahoo was asked to comment on the issue, it gave a rather generic statement, pointing out how users can keep their accounts safe.
With an increasing number of hacker-friendly tools on the market, users should try using stronger passwords and better anti-virus software.