A Yahoo spokesperson told IBTimes UK via email: “We are aware of a claim. We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts.
“Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
As noted by Vice Motherboard, which first reported news of the potential breach, the firm did not confirm nor deny the data was legitimate. IBTimes UK contacted Peace for comment via The Real Deal however did not receive a response by the time of publication. It remains unclear if Peace hacked Yahoo to get access to the credentials, whether the data was obtained from a secondary source or even if it is simply made up from records taken from other major hacks.
Screenshot of the alleged Yahoo data dump listed for sale on The Real DealIBTimes UK/The Real Deal
Little is known about the individual – or group – behind the Peace persona. However, in one interview given to Wired, he or she claimed to once have been part of a Russian hacking group that targeted major technology firms.
Once the group reportedly split, data dumps from 2012/13 that were previously only shared with an “inner circle” started to appear online. These included 160 million accounts from LinkedIn, 100 million from Russian social media platform VK.com and 360 million from Myspace.