If you’ve got a Yahoo, Inc. account you may want to reset your password with news that a hacker is currently offering login data for 200 million Yahoo accounts on the dark web.

The hacker selling the logins goes by the name of Peace_of_Mind (Peace) and is the same hacker behind the release of verified data dumps from both MySpace and LinkedIn.

According to Motherboard the Yahoo account details are being offered for sale on dark web marketplace The Real Deal for a price of 3 bitcoin, which at the time of writing is worth $1,650; Peace told the site that he has been privately trading the data for some time but only now decided to sell it openly.

Yahoo has neither confirmed or denied the allegation, saying only in a standard response that they are “aware of the claim” and that they were “committed to protecting the security of our users’ information and [they] take any such claim very seriously.”

“Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”

Risk

What is unknown at this stage is exactly how accurate the data being offered is.

What is known is that it dates back to 2012 meaning that some of the details may be well out of date; Motherboard claims to have tested a small subset of the data and discovered that two dozen Yahoo usernames did correspond to actual accounts of the service, but an attempt to contact over 100 of the addresses saw many returned as undeliverable as the accounts no longer existed.

Presuming at least a sizeable chunk of the data from 2012 is still valid today Yahoo users could well be in serious trouble; according to Softpedia “the passwords are MD5-encrypted … [and] since MD5 hashes can be decrypted almost instantly these days, meaning their passwords are practically exposed as cleartext.”

The Yahoo hack, if proven, would rank as one of the largest data breaches of all time.

Given that so far there has been neither confirmation from Yahoo nor extensive testing of the data-set stay tuned for more news as the story develops.

Image credit: viirok/Flickr/CC by 2.0