$1,824 for Over 200 million Stolen Yahoo Accounts

change your password to make sure you're email is not among the stolen Yahoo accounts

Some of the auctioned stolen Yahoo accounts are valid.

A hacker is claiming to be in possession of over 200 million stolen Yahoo accounts and is currently trying to sell them on the black market for $1,824, or 3 bitcoins.

The hacker in question, peace_of_mind, claims on the black market post that he previously hacked and sold multiple Tumblr and LinkedIn login credentials.

According to his short message, the Yahoo database that he is offering up for sale originates from famous group of Russian hackers who already managed to breach Tumblr, LinkedIn, and Myspace.

He added that the database is from 2012 and copies of it have already been purchased by other customers.

This Monday Yahoo representatives declared that the company is aware that over 200 million stolen Yahoo accounts are up for sale on the black market, but they were careful not to deny or confirm if the news is real.

“Our company team is working to determine the facts,” Yahoo states.

In 2012, the company did report a breach of security, but they only declared that 450,000 accounts were targeted. The act was claimed by a group that calls itself D33ds. Yahoo later emitted a public statement saying that the majority of the passwords that the hackers managed to steal were invalid.

It is still unclear if the 2012 public hack is connected to the current black market sale, but if it does, it could spoil the image of the company. The present black market sale would translate into a superfluous security concern over at Yahoo.

Other online security experts have been tracking another Russian hacker also known as “The Collector.” The man is suspected to have sold tens of millions of login details for Gmail, Hotmail, and Yahoo.

In order to prove the validity of the sale, peace_of_mind added a sample of the stolen Yahoo accounts. The sneak peek includes several email addresses and their passwords that were hashed with the MD5 algorithm.

There is an MD5 decrypter online, and it is efficient in cracking the simple protection layer of the sample.

What is even more concerning is that the database that is being auctioned on the black market contains the birth dates of users and their backup email addresses.

Yahoo advises its users to change their passwords and not use the same combination on two different accounts.

Image source: Wikipedia