Purported data from 200 million Yahoo accounts may be legit
[Update, 3:30 PM ET— Yahoo has revealed that “information associated with at least 500 million user accounts was stolen” in late 2014, and the company believes the data was stolen by a “state actor.” See Dan Goodin’s report on the breach for more details. Our original story continues below.]
In August, a dealer in stolen data who goes by the online moniker “Peace”—the person or persons who previously sold data from the accounts of MySpace and LinkedIn users—announced that the results of another “megabreach” were for sale. This time, it’s the account information of 200 million Yahoo users. According to a report by Recode’s Kara Swisher, Yahoo is preparing to confirm the four-year-old breach, potentially creating problems for the company’s planned $4.8 billion acquisition by Verizon.
A previous examination of a sample of the data obtained by Motherboard was inconclusive. There has been a number of other claimed breaches of Yahoo’s account data, including a claim of 40 million Yahoo accounts among a total of 272 million alleged stolen credentials reported in May. But that data that may have just as easily been stolen from other sources.
Link to original: