Yahoo confirmed a huge data breach took place in 2014 affecting up to 500 million users on Thursday. In August, the company said it was investigating a possible breach after a hacker claiming to have stolen the account information posted 200 million Yahoo user accounts for sale on dark web marketplace The Real Deal. The account information — which purportedly included user names and passwords easily cracked with free tools available online — was listed for 3 Bitcoin, or roughly $1800.
Such a low asking price is indicative of an older breach, said Security Scorecard chief research officer Alex Heid. It is likely that the hacker or hackers behind the attack has already tried to use the information to hack into other services — such as bank accounts, PayPal accounts, email services, even Netflix — and erased a lot of the value, said Heid.