The personal data is believed to have been stolen back in 2012 and is now being sold online for 3 bitcoins (GBP 1,350) per entry.
Yahoo said it is aware of the claim that its customers data is being sold online and is working to determine the facts, including if the details are legitimate and if they were retrieved in a hack. However, the company has not confirmed a breach.
Motherboard tested the details of two dozen allegedly stolen contact details from a sample of 5,000 and found that they corresponded with legitimate Yahoo accounts. But when it tried to contact 100 of the addresses its attempts were returned with error messages.
Amid fears that Yahoo was indeed hacked years ago, security researchers stressed the importance of using strong and unique passwords online. Yahoo encourages its users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now