Recently, experts have discovered a sample of Yahoo accounts in an advert in the dark web. Currently, experts are trying to determine if the Yahoo accounts in the ad are legitimate. In the event they are, then some 200 million Yahoo accounts are on sale in the Dark Web. The ad contains the Yahoo ID and the passwords.
The 200 million Yahoo accounts are on sale for $2,000. The seller is a vicious cybercriminal with a reputation called Peace_of_mind. The seller was responsible for the sale of LinkedIn accounts and MySpace account recently. Peace_of_Mind is a shady dark web data dealer. He or she is popular for selling data from databases of the world’s largest companies.
According to Troy Hunt, one of the world’s experts in data breaches, this advert of the Yahoo accounts suggests that Yahoo was hacked sometime in the past few years. Hunt owns a website called “Have I been owned” which allows users to determine if and how their emails have been hacked.
Going by the seller’s reputation, there is a high chance that the claims are valid. The seller is responsible for the sale of over 1 billion hacked accounts. He or she has sold 167 million LinkedIn accounts, 70 million Tumblr accounts, 300 million MySpace accounts and 70 million Twitter accounts.
The seller first provides a sample of the data for potential buyers to prove the legitimacy of the data. Once the buyers have a taste of the data, they will, definitely, want more. The ABC reports that it has 500 million of the records on sale, which the seller posted in the dark web to lure potential buyers. Nonetheless, many of the email IDs seem not to be working, or are too old or are not real altogether.
Hunt is yet to see the data, but he tends to suggest given the track record of the seller, the claims are more likely true than false. The seller’s account in the Dark Web has 75 positive reviews, plus a 100 percent successful feedback score. Previous buyers are extremely happy with the service, why would the seller ruin the reputation by posting something that does not exist?
Hunt continues to explain anyone buying the accounts would be up to no good. “For instance, the buyers would go through the email accounts and determine which of the accounts may unlock other accounts such as Gmail,” he said. After Gmail, they may check social media accounts and also check if the email accounts link to bank accounts. In other words that data could be very useful in other data breaches and even identity theft.
Yahoo has since responded to these claims: “Yahoo values the security of customers and we take such claims seriously. We have a team of security experts looking into the matter. We work hard to keep our users safe. We encourage them to use strong passwords or use Yahoo Account Key.”
Of course, don’t wait for others to protect you, so practice good password management, and carry a strong VPN.