Over one million accounts were being offered online by hackers seeking bitcoin hauls.
Usernames, email address and passwords stored in plain text were being sold, giving hackers potential access to unsuspecting people's private information.
According to reports, a hacker going by the online handle "sunTzu583" is behind the security breach.
The hacker is offering accounts that appear to have come from some several previous major cyber-attacks and data breaches.
The accounts include 10,000 Yahoo Mail accounts leaked from the 2012 last.Fm data breach. There are also another 145,000 accounts from the 2013 Adobe breach, and the 2008 Myspace hack.
The main stash appears to be half a million Gmail accounts, which reportedly come from 2008 MySpace hack attack, the 2013 Tumblr breach, and the 2014 Bitcoin Forum Breach.
The same hacker also listed 450,000 Gmail accounts from various data breaches that were carried out between 2010 and 2016, including the Dropbox and the Adobe hacks. These were selling for 0.0199 bitcoins.
In February this year, Yahoo warned users that their accounts had potentially been compromised. The company, however, declined to reveal how many people had been affected by the breach.
Yahoo blamed some of the potential security breaches to what it described as the "state-sponsored actor" blamed for the theft of private data from more than 1 billion user accounts in 2013 and 2014.
"Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account," a message to Yahoo users read.