Hacker Selling 200 Million Yahoo Accounts On The Web
Hardly a day goes by without headlines about another data breach. The latest is news about the same hacker who was responsible for selling data for MySpace, LinkedIn, Tumblr and VK.com. There is evidence that this hacker is now selling login information of 200 Million Yahoo users.
The hacker, who goes by the name “Peace,” has uploaded 200 Million Yahoo credentials and is selling them on an underground marketplace called The Real Deal for 3 Bitcoins.
Yahoo has admitted the company was aware of the potential leak, but did not confirm the authenticity of the data as of yet.
The compromised data includes usernames, MD5-hashed passwords and birthdates from 200 Million of so Yahoo users. In some cases, there is also the backup email addresses used for the account, country of origin, as well as the ZIP codes for United States users.
Because the passwords are MD5-encrypted, hackers can easily decrypt them using MD5 decryptors easily available online.
Last week, Verizon acquired Yahoo for $4.8 Billion. The hacker probably decided to monetize the stolen user accounts before the data lost its value.
Although Yahoo has not confirmed the database breach, users are strongly advised to change their passwords. We at IT Resource Management Services recommend passwords longer than 10 characters with a combination of upper, lower, numeric and with special characters and we also strongly advice that passwords be changed every six months. Many companies now offer two-factor authentication for online accounts and we strongly recommend this option. We strongly recommend that you update your passwords immediately, especially if you are using the same password for multiple websites.