Data Breach

Peace is advertising 200 Million alleged Yahoo accounts on Dark Web

The notorious hacker Peace is advertising 200 Million alleged Yahoo accounts on Dark Web, and the company is aware of the sale.

Do you remember the notorious hacker Peace?

He is the hacker that offered for sale the dumps of LinkedIn and MySpace, and now he has once again a surprise for the security experts.

Peace is advertising 200 million of alleged Yahoo user credentials (from “2012 most likely,”) on the dark web. Yahoo is aware of the amazing sale but it hasn’t commented yet. The hacker is offering the data for 3 bitcoins (roughly $1,800).

Peace is advertising the Yahoo login credentials on The Real Deal black marketplace, according to Motherboard that reached the notorious hacker, he has been trading the data privately for some time, but only the sale is public.

The Yahoo security team is currently investigating the event, meantime, it urges its users to use strong passwords, use different passwords for different and enable two-factor authentication when it is available.

The records in the dump contain usernames, MD5-hashed passwords, dates of birth, and sometimes backup email addresses.

At the time I was writing is still unclear if data has been stolen from Yahoo, or it has been collated from other major data leaks.

Motherboard obtained by Peace a small sample of the data composed of 5000 records before it was publicly offered for sale. Experts verified the data and found that most of the two dozen credentials still belong to active accounts.

“This was done by going to the login section of Yahoo, entering the email address, and clicking next; when the email address wasn’t recognised, it was not possible to continue.” wrote Joseph Cox from Motherboard.

Cox also added that when Motherboard attempted to contact over 100 of the addresses included in the sample, many returned as undeliverable.

“This account has been disabled or discontinued,” read one autoresponse to many of the emails that failed to deliver properly, while others read “This user doesn’t have a yahoo.com account.”

Stay Tuned!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Data Breach, Dark Web)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

1 hour ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

5 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

19 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.