You come up with complex password for you Yahoo account: two uppercase letters, three numbers and you didn't use any part of your username. You assume your account is safe. That may not be the case.
A hacker known as "Peace" claims to have 200 million Yahoo usernames and passwords and is offering to sell the credentials on the dark web, reported Motherboard on Monday.
Yahoo could not yet confirm the hack. "We are aware of a claim," a Yahoo spokeswoman said in an email. "Our security team is working to determine the facts."
While many of these claims -- hackers saying they hold the keys to millions of accounts -- never pan out, Peace reportedly tried to sell log-in details for millions of LinkedIn and MySpace accounts in May. Both of those companies confirmed the hacks.
This time around, it's still unclear if the usernames and passwords are real. Motherboard messaged over 100 of the email addresses and most returned as undeliverable.