Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web.
200 Million Yahoo! Logins for 3 BTC
The hacker, who goes by the pseudonym “Peace” or “peace_of_mind,” has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824).
The leaked database includes usernames, MD5-hashed passwords and date of births from 200 Million Yahoo! Users. In some cases, there is also the backup email addresses used for the account, country of origin, as well as the ZIP codes for United States users.
Easily Crackable Passwords
Since the passwords are MD5-encrypted, hackers could easily decrypt them using an MD5 decrypter available online, making Yahoo! users open to hackers.
In a brief description, Peace says the Yahoo! database “most likely” comes from 2012, the same year when Marissa Mayer became Yahoo’s CEO.
When reached out, the company said in a statement:
“We are committed to protecting the security of our users’ information and we take such claim very seriously. Our security team is working to determine the facts…we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
Use Password Managers to Secure Your Online Accounts
Although the company has not confirmed the breach, users are still advised to change their passwords (and keep a longer and stronger one using a good password manager) and enable two-factor authentication for online accounts immediately, especially if you are using the same password for multiple websites.
You can also adopt a good password manager that allows you to create complex passwords for different sites as well as remember them for you.
Source: hacker news