A new listing of hacked user accounts from Yahoo has been published today on TheRealDeal Dark Web marketplace, claiming to have over 200 million records in the hack.
The hack includes usernames, passwords, and dates of birth for all users. For some records, there is also a backup email addresses, country of origin, and ZIP code for US users.
The hacked data dump for sale on the dark web comes at a time when bitcoin exchange users are being targeted from previous hacks. A previous hack of 164 million email addresses and passwords from LinkedIn popped up in July where Bitmex and itBit were both targeted and some exchange users impacted. Later in the month Kraken exchange users were targeted as well, quite possibly from the same hack.
With the news of the Yahoo hack, there is a certain chance that hackers will again try to target bitcoin exchanges by checking if usernames and passwords are being reused on the exchanges that were once used on Yahoo. After the LinkedIn hacking news surfaced, Isle of Man based bitcoin exchange CoinCorner quickly updated their security policies in a preventative measure to help stop any sort of targeting on their users.
The Yahoo hacker selling the 200 million records is the same hacker who sold the LinkedIn data previously, in addition to other well known hacks of Myspace, Tumblr, and others. The hacker who calls himself “Peace of Mind” has put up the hacked data for 3 bitcoin, which the current value converts to $1792 USD.
It should go without saying but every opportunity to repeat good security practices is worth it; bitcoin users should not be reusing passwords across the web. If you have a Yahoo account and you reuse your passwords, you should change them immediately. In addition, it’s highly recommended that you turn on two factor authentication (2FA) on your exchange and wallet accounts as well as your personal email.