Is your email address for sale on the dark web?

News has emerged of a possible significant data breach at Yahoo. A hacker claims to have 200 million Yahoo accounts for sale and has listed them on a dark web market. The accounts are being sold for three Bitcoins, which equates to roughly £1,350 per entry. The data reveals the username, password, and birth date of each account holder. A sample set has been tested, and the usernames do correspond to real accounts. Yahoo has yet to confirm or deny that a breach has taken place.


The cyber criminal, who goes by the moniker ‘Peace’, has also stolen email addresses and passwords from LinkedIn and MySpace in the past. Users need to purchase a key in order to unscramble the passwords. Yahoo has revealed that it is working to get to the bottom of the issue. The company, which was sold to Verizon only last week, is attempting first to determine whether the details are in fact correct, and then whether they were obtained during a hack.

Information that has surfaced indicates that the data was stolen back in 2012. Many may find it alarming that a potential data breach could go unnoticed for roughly four years. However, it is not uncommon for data breaches to go undetected for a long time. A lot of businesses right now will have been the victim of a cyber attack and won’t even realise it.

The attack is also similar to many breaches that we have heard about lately. Only a few months ago, the credentials of 360 million MySpace accounts were put up for sale on the dark web. We have also seen the sale of 65 million Tumblr emails and 117 million LinkedIn account details. So, what do you do if your email account has been hacked?

Firstly, you should change your password. All Yahoo email users are advised to do this as soon as possible. In fact, changing your password every three months is advised in any case. Choose a strong password that incorporates capital letters, lower-case letters, symbols, and numbers, and make sure you don’t include any full words. If it is too late, and the hacker has already changed your account, you need to follow the ‘forgot your password’ link, and if that is unsuccessful, get in touch with the email account provider.

When possible, implement two-factor authentication, which adds another security layer on top of entering a password. For example, you may receive a new code via your phone whenever you want to log in to your email account. This reduces the chance of someone gaining access. Yahoo, Hotmail, Microsoft, and Gmail offer two-factor authentication.

Last but not least, check your email settings. If your account has been breached, the hacker may have changed the settings so that every email you send or receive is forwarded to them. This allows them to look for your login details for other websites, which can lead to more serious issues.