Over 1 million decrypted Gmail and Yahoo accounts being sold on the Dark Web
A vendor is reportedly selling over 1 million decrypted usernames, emails and plaintext passwords of Yahoo and Gmail accounts on the Dark Web.
According to a report by HackRead, the cybercriminal who is using the handle “SunTzu583” is allegedly selling 100,000 Yahoo accounts, containing usernames, emails and their passwords in a plain text format from the 2012 Last.fm data breach. This breach saw 43 million user accounts being exposed and publicly released in September 2016. All these information have been listed on the Dark Web for sale for 0.0079 bitcoins ($10.75). Another 145,000 Yahoo accounts from the 2013 Adobe breach and the 2008 MySpace breach were also reportedly found listed for sale, for 0.0102 bitcoins ($13.75). These accounts also contain usernames, email and their decrypted passwords.
SunTzu583 is also reportedly selling 500,000 Gmail accounts for 0.0219 bitcoins ($28.24). The data contains usernames, emails and their clear text passwords stolen from three breaches including MySpace breach in 2008, Tumblr breach in 2013, in which millions of accounts were stolen and leaked online, and Bitcoin Security Forum breach in September 2014.
Another listing shows the same vendor is selling 450,000 Gmail accounts for 0.0199 bitcoins ($25.74), which includes emails and their clear text passwords. The information include data stolen from data breaches that took place between 2010 and 2016, such as Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and Xbox360 ISO.
While it is difficult to verify if data on the Dark Web is legit or not but in this case, HackRead checked the data on data breach notification platforms like Hacked-DB and Haveibeenpwned. However, the data listed for sale has not been independently verified by Techworm.
Hackers looking to make quick money mostly use the Dark Web to sell hacked and stolen user accounts from older data breaches, which are then used by cybercriminals to perpetuate other crimes such as identity theft. It is highly recommended that users reset their passwords as soon as possible, if they believe that their accounts were among the breaches mentioned above. Also, if the same password and security questions have been used elsewhere, request to have them changed urgently.