Usernames, emails and unhashed passwords of Yahoo and Gmail accounts are reportedly being sold by a Dark Web vendor.
A dark web vendor is reportedly selling over 1 million decrypted Gmail and Yahoo accounts in an underground marketplace. The accounts listed for sale allegedly contain usernames, emails and plaintext passwords.
The cybercriminal allegedly selling the accounts is believed to be using the handle “SunTzu583”. The dark web vendor is allegedly selling 100,000 Yahoo accounts, from the 2012data breach, for 0.0079 bitcoins ($10.75). Another 145,000 Yahoo accounts from the 2013 Adobe breach and the 2008 MySpace hack were also reportedly found listed for sale, for 0.0102 bitcoins.
Another listing from SunTzu583 shows more 145,000 Yahoo accounts available for sale in 0.0102 BTC (USD 13.75). These accounts also contain usernames, email and their decrypted passwords.
Yet another 450,000 Gmail accounts were also listed on sale by the same vendor for 0.0199 bitcoins, from various other data breaches that took place between 2010 and 2016, including the Dropbox, the Adobe and other hacks.
The data has allegedly been checked by matching it to data on popular data breach notification platforms such as HaveIBeenPwned. However, the data listed for sale has not been independently verified by by Report focus
It has become increasingly commonplace for hackers to sell user accounts from older data breaches on underground marketplaces, as a way to make a quick buck. These hacked and stolen accounts are used by cybercriminals to perpetuate other crimes such as identity theft. It is highly advisable that users adopt safe security practices and change their account passwords in the event that their accounts are found to be a part of massive data breaches.