The hack was originally claimed last month, when Yahoo merely said that it was ‘aware of the claim.’ The fact that the company did not ask users to reset their passwords suggested that it didn’t take the claim seriously, but it seems it now does. The hack itself apparently dates back to 2012.
An infamous cybercriminal named “Peace” said on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses.
The timing couldn’t be worse for Yahoo, at a time when it is negotiating a $4.8B sale of most of its business to Verizon. The piece speculates that confirmation of the data breach, with the potential liabilities involved, could impact the price of the same.
As ever, our recommendation is to use unique, strong passwords for every website and app, and to use two-factor authentication whenever offered. Hopefully it won’t be too much longer before passwords finally die.