Yahoo are currently investigating the potential data leak by the hacker who was linked to the “mega-breaches” of MySpace and LinkedIn; a topic we recently covered.
The hacker has allegedly posted the details of 200 million Yahoo accounts onto the ‘dark web’ and is selling them for three bitcoins (£1,360).
The hacker is using the same name – ‘Peace’ – that was used from the 2012 data leaks, which makes the hacker “most likely” to be the same person. Yahoo is currently “working to determine the facts” and are taking the claim “very seriously”.
Yahoo said:
“Yahoo works hard to keep our customers safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
The hacker appears to have hashed the passwords, meaning they have been muddled up – but apparently an algorithm that the hacker used has also been released. However, most of the passwords are easy to reverse as the algorithm is weak, according to Professor Alan Woodward, a security expert from Surrey University.
There have been claims of similar data leaks taking place, but no one is sure whether they are true or not. Caution should be taken over the alleged breach until it can be determined whether it has happened or not.
But we can never be too careful either!
Motherboard confirms sample
It was Motherboard who was first to report the supposed breach and test some of the data of the small sample it got a hold of. The 5,000 records they got were tested to see if they matched any Yahoo accounts.
Motherboard found that it matched the first two dozen Yahoo usernames that were tested with actual accounts. However, it did also find that these accounts were inactive. On contacting the email addresses, many emails returned an auto-response saying the account had been disabled or disconnected, or it would return the message undelivered.
Technical director at HPE Security Brendan Rizzo said:
“Data has high value to attackers, and even though the information for sale on the black market is several years old, it can be used for social engineering attacks for spear phishing attempt to gain access to deeper systems with even more lucrative data that can be monetised directly if stolen.”
Making a claim
If you have been a victim of data breach then we can help. We urge you to contact us if you believe you have a claim, and if we think you do, we can help get you the compensation that you deserve.