Back in August, a hacker named peace_of_mind claimed to be selling a database containing credentials for 200 million Yahoo accounts.
At the time Yahoo indicated they were investigating the matter, but could not confirm.
Today, Yahoo confirmed that 500 million accounts were compromised in what we believe is the largest known data breach in history.
Some insiders say that the breach could be 3 billion accounts.
Peace_of_mind originally indicated in the listing that the database most likely came from a hack in 2012, but Yahoo is now indicating the breach occurred much later in 2014.
The compromised data contained user email addresses along with passwords (unsalted MD5 hashes), birth dates and secondary email addresses.
What do you do if you have a yahoo account?
We recommend that Yahoo users change their password ASAP and if they use the same password across multiple accounts, they need to change the passwords for their other accounts as well.
What can developers do?
One way to help your users in these types of situations, is to install a password strength meter that also checks for compromised passwords.
Check out www.passwordping.com/example and in the secure second box, type in a password to see how it works.