Yahoo is investigating an alleged breach of 200 million Yahoo accounts, leaving email addresses, back up email addresses, birthdates and user passwords exposed…
Yahoo has been notified 200 million user accounts have been placed up for sale on the dark web by the same hacker, peace_of_mind, that was allegedly responsible for the massive MySpace and LinkedIn breaches. Yahoo is not reporting any form of breach at this time, as they remain in the investigation phase.
A sample of the records were tested for validity, and several of the email addresses came back as undeliverable. It is unknown if these records are simply from past breaches and have since been deactivated, or if the records on the dark web are fake. ThreatPost reported it would be incredibly difficult to fake a dataset of this magnitude.
Yahoo made the following statement to ThreatPost about the claims:
“We are aware of a claim. We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts.”
For now, it’s better to be safe than sorry. If you have a Yahoo account, it would be in your best interest to, at a minimum, change your password.