Yahoo is looking into a hacker's advertisement of the sale of 200 million Yahoo user accounts on the dark web, according to BBC News.
First reported by Motherboard, the data is allegedly being sold by Peace — a renowned hacker responsible for MySpace and LinkedIn breaches — for three bitcoins, equivalent to approximately $1,860. The data, which includes usernames, dates of birth, hashed passwords and a few backup email addresses, is from "2012 most likely," according to Peace.
As of Aug. 2, Yahoo has neither confirmed nor denied the breach, instead stating it is "aware of a claim," according to Motherboard. "We are committed to protecting the security of our users' information and we take any such claims very seriously. Our security team is working to determine the facts," the company said in a statement, according to Motherboard. "Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms."
Motherboard tested 5,000 records of the up-for-sale data. Most of the initial 24 usernames matched up with current Yahoo accounts. But upon attempting to get in touch with more than 100 other users, the email addresses did not work. Motherboard received various autoresponses to the mass sending, including, "This account has been disabled or discontinued" and "This user doesn't have a yahoo.com account," according to the report.