In one of the largest data breaches this year, a dark web vendor has got hold of more than a million decrypted Gmail and Yahoo accounts. Not only this, the vendor is also selling the sensitive information in an underground marketplace.
As far as Yahoo accounts are concerned, the vendor is selling 100,000 accounts from the Last.fm data breach in 2012 for 0.0079 bitcoins or $10.75. And from the 2013 Adobe breach, the vendor is selling another 145,000 Yahoo accounts. More accounts from the 2008 Myspace hack are also reportedly listed for sale at 0.0102 bitcoins.
According to a report by HackRead, a total of 500,000 Gmail accounts have also been compromised and are up for sale for 0.0219 bitcoins. The information of these accounts has been sourced from the 2008 Myspace hack, the 2013 Tumblr breach and the 2014 Bitcoin Security Forum breach.
Another set of 450,000 Gmail accounts has also been listed for sale for 0.0199 bitcoins. These accounts have been taken from various data breaches that took place between 2010 and 2016, and that includes the Dropbox, the Adobe and other breaches.
The vendor is reportedly using the handle “SunTzu583” to fuel the cybercrime. The details available for sale include the usernames, email addresses, and passwords stored in plain text. This information is more than enough to give the hackers easy access to your account.
Lee Munson, the security researcher at Comparitech.com, noted, “In an ideal world, the fact that someone is selling stolen credentials, pilfered during data breaches from years gone by, should not be any cause for concern because everyone potentially affected would have already reacted in an appropriate manner.” “In reality, however, a great many people may have been put at risk, largely because they haven’t changed passwords that they have reused across several other accounts.”
Munson has urged the users to check if their accounts have been compromised. You can head to haveibeenpwned.com and type in your email address or username to find any breaches.