If you have an account with Yahoo, now would be a good time to reset your password. That’s because a notorious hacker by the name of Peace is reportedly selling the login credentials of 200 million Yahoo accounts on a dark web marketplace for the low price of just three Bitcoins (around $1,800).

In a statement to Motherboard, Yahoo said it works hard to keep their users safe, adding that they encourage users to create strong passwords, create different passwords for different platforms or give up passwords altogether by using Yahoo Account Key.

That said, Yahoo conceded that it is aware of the alleged breach but has yet to confirm or deny its legitimacy.

A sampling of the data obtained by Motherboard contained usernames, hashed passwords (MD5 algorithm), birth dates and in some cases, a backup e-mail address. According to Peace, the data was likely sourced around 2012. The hacker claims to have traded the data privately for some time but just recently decided to sell it publicly.

The publication said most of the two dozen accounts it tested did correspond to actual Yahoo accounts. When attempting to contact more than 100 of the addresses in the 5,000 sample set, many were returned as undeliverable which suggests the data is either outdated or partially invalid.

Curiously enough, Yahoo hasn’t issued a mandatory password reset, something that’s common when suspected breaches occur.

Image courtesy dennizn, Shutterstock