Recode reports that Yahoo is getting ready to confirm a widespread security breach that compromised more than 200 million user accounts this summer, when a notorious hacker named Peace was trying to sell the credentials online for $1,800 (that’s it?). The package included user names, lightly encrypted passwords, and personal information such as dates of birth.
Confirmation of the breach — Yahoo said it was aware of Peace’s claims earlier this year but was investigating the matter — could not come at a worse time. The company is in the process of being acquired by Verizon for $4.8 billion, and the hack could be costly if government investigators and other legal action find the company at fault. Yahoo shareholders are reportedly worried that it could impact Verizon’s final purchase price.
As is now the routine, if you have a Yahoo account, you should change your passwords, if you haven’t already, and turn on two-factor authentication. Additionally, if your Yahoo password was the same password you use for other accounts, you should change those, too. And then you should try to figure out if there’s anything associated with your Yahoo account worth stealing.