Based on the sample obtained by Motherboard, which first broke the news of the potential breach, apart from usernames and dates of birth, the data dump includes such sensitive information as passwords, backup email addresses, country of origin and even ZIP codes for some users.
All of these ‘handy’ details are available for just 3 bitcoin, or approximately US$1,800.
Motherboard checked a small sample of the credentials – some two dozen records – to discover that most of the tested Yahoo usernames are linked to actual accounts. However, messages sent to some 100 of the addresses in the sample set were bounced back as undeliverable. This may be due to the fact that the listed data was “most likely” from 2012, as the advert on Darknet claimed, and some accounts may have been deleted since then.
The listing also said that passwords obtained were hashed with an MD5 algorithm, a password-storing method which is known to be easily hacked nowadays.