The login information of 200 million Yahoo users leaked out, is it distributed in the black market on the "dark web"?

ByEsther Vargas

Of the users who use Yahoo! in the United States, it is obvious that data of 200 million people are leaked and sold in the black market on the Internet's dark web "Dark Web".

Yahoo 'Aware' Hacker Is Advertising 200 Million Supposed Accounts on Dark Web | Motherboard

Yahoo probes possible huge data breach - BBC News

According to overseas media reported from 1st to 2nd August 2016, a hacker who names "Peace" or "peace_of_mind" is a market site on the dark web "TheRealDeal Market"It is said that Yahoo! user's authentication information was put on sale. "Peace" in the pastSales of the largest ever 642 million account information including LinkedIn and Tumblr on dark webHe also said that he was "trading individually so far, but decided to sell widely recently" to the interview of the media "Motherboard".

It was authenticated by 200 million Yahoo! users in the United States. According to Motherboard which got a sample of data before publishing to the market it is a user name, hashed password and birthday information created by MD5 algorithm, depending on account, another address for backup etc. It is information of. In both cases, account data at the time of 2012 is the majority, and it is sold with 3 bit coin corresponding to about 1860 dollars (about 190,000 yen).

When Motherboard which obtained about 5000 samples of the sample investigated about 20 user accounts, it turned out that most of them agreed with the actual account. Meanwhile, when I tried to contact 100 or more e-mail addresses included in the sample, it means that the mail could not be delivered because the account was suspended.

Regarding this one case, Yahoo! in the United States responded to the interview such as Motherboard, "I am aware of (Peace's) assertion" and affirm and deny the question as to whether it agrees with the actual data He did not show any attitude. The company commented that it will organize a specialized team and continue to investigate.

in Web Service,   Security, Posted by darkhorse_log