Data of 200 million Yahoo users for sale on the dark web.

Author:Rizzo, Brendan
Position::Research and Studies - Brief article

Reports are circulating about a huge data leak of 200 million Yahoo users. This data is being offered for sale on TheRealDeal dark web market by "peace_of_mind" (aka Peace). The batch of data is, apparently, being sold for 3 Bitcoins and contains usernames, passwords and dates of birth. For users based in the United States, the dump also includes backup email addresses and users' ZIP codes.

"Enterprises need to follow best practices of encrypting all sensitive personal data as it enters a system. Encryption stays with the data whether at rest, in motion or in use, so if an attacker accesses the data, they get nothing of value. The ability to neutralise a breach by rendering data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure. Credentials that never need to be recovered in clear form should be strongly protected with state-of-the art methods, for example, strong standards based keyed hashing.

Hackers will steal anything of value and this story is no exception. Data has high value...

To continue reading