Peace hacker claims to have 200m Yahoo accounts ready for sale on dark web

3 Aug 2016

Will Yahoo join the roll call of major data breaches of 2016? According to a hacker calling themselves Peace, they have 200m Yahoo accounts ready to sell to the highest bidder on the dark web.

Right now is probably not the best time for Yahoo to find out it might have been on the end of a major security breach, with the company having recently agreed to sell its core search and advertising businesses to Verizon as part of a $4.8bn deal.

If the name Peace sounds familiar, it’s likely because they were responsible for the previous dark web sales of two of the largest account data dumps of the past few years, those being LinkedIn and MySpace, which together totalled account details in their millions.

Now, according to Motherboard, Peace is back again, with 200m account details from Yahoo that they plan to sell for just three bitcoins, which would currently see them receive nearly €1,500.

With the data believed to date back to 2012 and onwards, Peace, in conversation with Motherboard, said that they have already traded much of the data in private channels, but they are now looking to throw it on the open market.

Yet to be confirmed by Yahoo

A small dataset of 5,000 records was obtained by Motherboard prior to the data being posted for sale on the dark web and, based on its findings, many of those records appeared to match with existing accounts.

However, a number of these accounts appeared to either not have been active on Yahoo, or have since been deleted or disabled.

In a statement, Yahoo confirmed it was aware of a potential breach and was “working to determine the facts”.

It then went on to say: “Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”

Yahoo account login image via Roman pyshchyk/Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com