The notorious black hat says he has more than 200 million hacked Yahoo accounts for sale on the dark Web. Yahoo is refusing to comment on its veracity. Yahoo accounts are primarily used to log into the company’s webmail service, but also for other sites like Flickr. It is uncertain at this point whether Yahoo has itself been breached, but the account data has been publicly available on a Tor-accessible marketplace called The Real Deal since Monday, and is apparently being sold by a hacker known as Peace, who has previously been linked to large-scale sales of MySpace and LinkedIn account details in 2012.
The entire dump, which apparently contains usernames, hashed passwords created with the md5 algorithm, dates of birth, and occasional backup email addresses, can be bought for three bitcoins (roughly £1,360 or $1,813).
Yahoo recommends creating stronger passwords