At least three copies of the collection were bought on the dark Web this summer.
The treasure trove of data stolen from Yahoo, a breach made public this week, has actually been for sale on the dark Web for several months, according to Bloomberg.
Andrew Komarov, chief intelligence officer at cybersecurity firm InfoArmor, tells Bloomberg that a copy of the data was available for $300,000 in August, and three buyers emerged. Since Yahoo changed people’s passwords after this week’s disclosure, however, the data became less valuable and bids have dropped to $20,000 to $50,000, according to The New York Times.
InfoArmor confirmed those numbers to PCMag, and pointed to a blog post it penned in September after Yahoo revealed a separate data breach that happened in 2014 and affected more than 500 million accounts.
InfoArmor placed the blame for that breach on “a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations.” For the last four years, they’ve had success doing so, dumping data from MySpace, Tumblr, and LinkedIn, while compromising other systems that have not yet been revealed.
For the most recent Yahoo breach, which occurred in 2013, names, email addresses, telephone numbers, birthdays, passwords, and security questions and answers were compromised. Internal investigators, however, do not believe credit card data or bank account information was stolen. Yahoo also said the passwords and some security questions and answers were hashed, meaning the thieves could not read them without additional information from a separate database.
Yahoo is also looking into reports of forged cookies, which allow account access without a password, that may be connected to the 2014 hack. Yahoo will notify users whose accounts may have been affected.