All the Yahoo Account holders must with immediate action change their login credentials. A hacker that uses the alias 'Peace' claimed to have details of about 200 million Yahoo accounts.
As reported by Motherboard, Peace is putting up a sale of the cache of these accounts with the asking price of 3 bitcoins ($1800). He listed an ad on the RealDeal marketplace. Motherboard got to virtual talk with the hacker.
The cache may contain usernames, passwords, date of births, and seems hashed with md5 algorithm. The hacker also posted a way to unscramble the hashed credentials. He says the records most likely are from 2012.
Yahoo told Motherboard that the company would take strict actions against any such breach. The company says it's a dangerous thing and has started investigating it. It further adds that the security team is on it.
Yahoo claims, it works hard to keep its users safe. It has always encouraged them to have strong passwords. Also, it advises them to give up their passwords using Yahoo account key. Hence the users can have different passwords for different accounts.
The same hacker was behind the recent MySpace and LinkedIn data dump sales. These data come handy to the phishes seeking illegal earnings by phishing. The motherboard was able to get a sample of 5000 Yahoo accounts, and it tested about 100 of them. Most of them were deactivated accounts.
The testing by the Motherboard implies that the data is not of much value. Either the data is way too old, or the ad was fraudulent. Yahoo refused to talk much about the matter and just said that the security team is investigating. The affected users can soon receive the links for reset of their password.
The Technical Director of HPE Security shows concerns over the matter. He feels that these data hold high valuation for attackers and phishers. Even if the information is several years old, it's usable for engineered social attacks. Attackers can use these data for phishing or dig deeper systems to gain the data to monetize.
Verizon recently bought the core assets of Yahoo. Yahoo will now be under the AOL operations of Verizon. This means that the Yahoo CEO, Marissa Meyers will again collaborate with the AOL CEO, Tim Armstrong. They both worked together at Google for years. Armstrong once tried to convince Meyers to combine both the companies. His efforts did go in vain back then.