There have been huge breaches at MySpace and LinkedIn, and the hacker who claimed the attack reportedly sold the accounts on a dark web marketplace.
Yahoo is now investigating the claim of a hacker who is allegedly responsible for the mega-breaches at LinkedIn and MySpace. Details of 200 million accounts were said to be sold on the dark web. The details include usernames, passwords and birthdates. They were being sold for three bitcoins, which is equivalent to £1,360 or about $1,800. The data is most likely from 2012, BBC reported.
The hacker who claimed the attack was using the name 'Peace'.
Yahoo said that it is taking the claim very seriously and that it is now working to determine the facts of the claim. The company also assured users that it works hard to keep them safe. It is also encouraging users to use stronger passwords. Alternatively, they can use the Yahoo Account Key.
Some of the dumped accounts were tested, around 5,000 samples, and it was found that two dozen of them actually correspond to real accounts. When contacted, many of the accounts returned a message marked as undelivered, together with an auto-response saying that the account has been disabled or discontinued. This might imply that the dumped data is old, Motherboard reported.
The passwords for the accounts appear to be hashed or scrambled. However, the hacker also published details of the algorithm that was allegedly used for the hash.
The algorithm used was MD5 which, according to Professor Alan Woodward, is considered to be weak. Prof. Woodward is a security expert at Surrey University.
According to Brendan Rizzo, an HPE Security technical director, the stolen data has a high value to the hackers. Even though the information is old, it can still be used for social engineering attacks and attempts to gain access to deeper systems that hold more lucrative data that can be sold directly when stolen.