The accounts appear to be from 2012; Yahoo said it is investigating.
Yahoo is investigating a potential security breach, a day after 200 million Yahoo user accounts reportedly showed up for sale on the dark web.
A hacker linked to breaches of LinkedIn and MySpace databases posted the Yahoo information on a marketplace called The Real Deal, Motherboard reported yesterday.
It’s unclear if the Yahoo login credentials came from a stolen company database or were obtained though some other hacking method.
A Yahoo spokesperson told Motherboard that the company was aware of the credentials being stolen online, but did not confirm whether Yahoo itself was hacked.
The company said today that it is still investigating the potential security breach, according to BBC News.
A spokesperson did not immediately respond to PCMag’s request for comment.
Many of the accounts appear to be disabled or otherwise inactive. Motherboard attempted to contact more than 100 email addresses from the database, and many of its queries came back as “undeliverable.” The hacker who posted the data told Motherboard that the addresses were most likely from 2012.
This is not Yahoo’s first security issue.
In 2012, a breach exposed 453,000 passwords, while a 2014 breach involved what the company described as a “coordinated effort” to gain access to Yahoo email accounts.
In May, the US House of Representatives blocked Yahoo access on its network over concerns that it was a target for hackers.
Yahoo sought to reassure its customers today, telling BBC News that it “works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”