Amid news of data breaches happening just about everywhere at a staggering pace, it would seem that infamous hacker Peace is at it again. With their bitcoin-based store hidden within the deep web already harboring a huge number of accounts from services like MySpace, LinkedIn, and Twitter, Peace is easily one of the biggest names in account theft and sale. Now, it seems the newest addition is a package of about 200 million Yahoo accounts. The mass of accounts, which Peace has stated are probably from back in 2012, are on offer for 3 bitcoins in total, roughly equivalent to $1,860 USD.
Yahoo seems to have been made aware of the breach, but are holding off on any definitive statements until they complete their own investigation. In an official statement, Yahoo said that they were “aware of a claim”, but could not yet confirm or deny that the accounts on offer are Yahoo accounts. As of this writing, users signing into Yahoo are not required or even urged to change their passwords; Yahoo’s stance, for the moment, seems to be that nothing can really be confirmed, so there’s no reason to panic. During a chat with our source, Motherboard, Peace allegedly decried Yahoo’s lax attitude, saying, “…they don’t want to confirm well better for me they don’t do password reset.”
When talking with Peace, Motherboard managed to get their hands on a selection of about 5,000 accounts, so they decided to take some of them for a spin to see if they were authentic. A good number of them did check out and allow Motherboard staff to log in, but when they attempted to make contact via email with the compromised accounts, they found that some of the accounts, while real, had been disabled and could not receive their messages. This seems to corroborate Peace’s assertion that the pilfered details, which include a large amount of user personal information like phone numbers, are from 2012. While a great many of the accounts that are included in the hack may be inactive or have outdated information listed in the hack, it would be prudent for all currently active Yahoo users to take applicable precautions.