Another day another data leak — This time, it’s 200 Million Yahoo User Data from 2012 data breach available for sale on the Dark Web!
A hacker going by the handle of Peace_of_mind is offering 200 million login credentials of Yahoo users on the Dark Web. If you don’t remember who Peace_of_mind is then he is the same person who previously sold legitimate data from high-profile databases such as those of LinkedIn, MySpace, Fling, and VK.com.
If you are a Yahoo user, an important fact about this breach is that the listed data is not new. In fact, the seller himself mentioned that the database is from the 2012 data breach, probably the one conducted by D33D Company in which 435,000 emails and passwords of Yahoo users were stolen and leaked online. If you have not changed the password for your Yahoo account since 2012 it’s time to do it right now.
Here is a screenshot from the marketplace where Peace_of_mind is selling the data for BTC 3.0000 (821.03 US Dollar)
The seller also shared sample data which shows emails, usernames, secondary emails, zip codes, date of birth and passwords in MD5 format which can be cracked by anyone with access to password breaking tools.
Is the data legit or not?
For now; it’s too early to confirm whether the data is 100% legit or a combination, however, MotherBoard reports that when they tried to contact over 100 of the addresses in the sample set, many returned as undeliverable. “This account has been disabled or discontinued,” read one autoresponse to many of the emails that failed to deliver properly, while others read “This user doesn’t have a Yahoo.com account,” as noted by MotherBoard.
When our reporter used the sample emails to look if anyone of them is using social media and/or were active on any of the social media, we found almost 5 users on Facebook and it seems almost every one of them are pretty much active but then 5 out of 200 million is zero percent usage.
Another hacker vows to leak data online:
While Peace_of_mind wants to make money out of Yahoo data; one guy on Twitter h4x0r claims to leak the whole database online for free. He announced this on his Twitter handle which is already filled with Tweets claiming to have access to data from several other data breaches including Terror World-Check leaked database containing 2.3M records of potential terrorists and criminals.
Here are some tweets from the user claiming to leak Yahoo data soon:
— h4x0r (@imtolame) August 2, 2016
— h4x0r (@imtolame) July 14, 2016
— h4x0r (@imtolame) July 25, 2016