The Telegraph: 200 million Yahoo account details allegedly for sale online

August 2, 2016 — 200 million Yahoo account details allegedly for sale online

Lisa Baergen, VP at NuData Security comments on this Yahoo data breach.

Passwords, usernames and dates of birth for what appear to be 200 million Yahoo accounts have been put up for sale online.

The huge cache of personal data has been posted to a marketplace on the dark web by a cybercriminal with the moniker “Peace”, who has previously sold millions of passwords and email addresses stolen from MySpace and LinkedIn.

Yahoo said it is “aware” of the claim that its customers’ data is being sold online and is “working to determine the facts”, including if the details are legitimate and if they were retrieved in a hack. The company, which sold to Verizon for $5 billion last week, has not confirmed a breach.

It is possible that the account details, which include scrambled passwords that require a key to be read, were obtained in an unconfirmed breach, or that they have been repackaged from other stolen data.

Lisa Baergen, a director at NuData Security, speculated that Verizon probably refused a “demand for extortion” from Peace, who then put the data up for sale online.

“All indications are that this is an old breach from 2012, prior to Yahoo changing the method in which they store and protect passwords,” said Baergen. “This dark web sale of old data appears to have been triggered by the sale of Yahoo to Verizon.”

For the complete article, go here.