12 Aug 2016

A Hundred Million Plus Yahoo Accounts Compromised, Sold on The Deep Web

Personal details from your account, such as phone numbers, birth dates, email addresses, usernames and passwords, along with those of all of the remaining 200 million Yahoo accounts, are being sold online.
This huge chunk of data can be purchased on the deep web from a hacker who goes by the name of ‘Peace’, the same hacker who compromised data sets of MySpace and LinkedIn and sold the usernames and passwords for thousands of dollars. Like any other ‘reputable’ company, Yahoo has neither accepted nor denied the claim. The Verizon-bought company stated that it is investigating whether the hacked credentials are real or fake, so that it can work out its strategy accordingly.

It is quite possible that the stolen details, which include passwords that can only be read with a key, might have been obtained from the millions of LinkedIn and MySpace accounts, or perhaps from other data sets.
According to the experts, the stolen usernames and passwords were retrieved four years ago; anyone can buy them for $1,750 (which is 3 BTC), along with the other 602 million credentials combined, which were stolen from Tumblr, MySpace, and LinkedIn.
According to Yahoo, these claims may be fake; whether they are fake or not, the company said that it takes security very seriously and that protecting its users is one of its prime concerns. Yahoo stated that the team that handles security is investigating the situation and working hard to strengthen its infrastructure. It also encourages customers to create passwords that are 13 characters long, combine capital letters, numbers, and special characters, and are not words that can easily be found in a dictionary. Using a Yahoo Account Key is also preferred, so that logins become safer.
However, a tech magazine tested the details of more than 3000 compromised accounts and found that nearly all of the accounts ended with a Yahoo dot com address. When they tried to contact the account users, none of them ever replied; instead, they got a message stating that either the account was closed or the user does not exist. The tech expert who was testing the accounts stated that the hacked accounts were genuine, and that the results they were getting were because the hack was outdated.
Simon Crosby, co-founder and Chief Technology Officer of Bromium, a security research firm, stated that people should keep an eye out for phony-looking messages from family and friends, as it is quite possible that a weird message is not from them. Crosby continued by saying that such a message can be a way of hacking your password or infecting your email address.
Reset your account passwords and login details, and update even your bank account credentials, because who knows how far the malware might have infiltrated.

Source: PC World