Yahoo is investigating a massive data breach after the apparent user names, passwords and birth dates of up to 200 million users appeared for sale online. The information is being sold by a hacker known as “Peace” for three bitcoins, or about $1,860.
A Yahoo spokesperson said:
“We are aware of a claim. We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
Motherboard, which first reported the alleged breach, said it was able to acquire a sampling of some of the information for sale and found most actually correspond to accounts on the service.
“When [we] attempted to contact over 100 of the addresses in the sample set, many returned as undeliverable,” said Motherboard’s report. “‘This account has been disabled or discontinued,’ read one autoresponse to many of the e-mails that failed to deliver properly, while others read ‘This user doesn’t have a yahoo.com account.”
‘Peace’ admitted that the data was most likely from 2012, and there’s a good chance that the information might have been collated from other hacks.