As many as 200 million Yahoo accounts may have been posted for sale on the dark web as part of a cyber attack, claims one notorious hacker, potentially putting the online security of users at a serious risk.
The alleged hacker, who goes by the name "Peace," has previously offloaded hacked data from MySpace and LinkedIn. He told tech site Motherboard that the Yahoo data was from "2012 most likely," and included usernames, hashed passwords, dates of birth and recovery emails.
Yahoo has neither confirmed nor denied any breach, telling NBC News in an emailed statement that its security team is "working to determine the facts."
"We are aware of a claim. We are committed to protecting the security of our users' information and we take any such claim very seriously," the company said in the statement.
Should I Change My Password?
Robert Siciliano, CEO of IDTheftSecurity.com said that regardless of whether the information is legitimate or if it's outdated, it would still benefit anyone who uses a Yahoo account to take a proactive approach to protecting their private information.
"With any data breach, the moment that the user is made aware they should immediately change their password," Siciliano told NBC News. "Make sure that the password they change it to is not the same as any other password they use for any other critical account."
Yahoo said it urges users to create strong, unique passwords but also points them to Account Key. The service replaces passwords by sending an alert to a user's phone requesting access anytime they try to log in by entering their email address.
It was announced last month Verizon had reached an agreement to purchase Yahoo for $4.83 billion, strengthening the mobile carrier's internet business and giving it access to Yahoo's trove of advertising tools.