1 Million Yahoo Accounts With Decrypted Passwords Being Sold on Dark Web

As most of us know, Dark web is the marketplace for all sorts of illegal stuff including guns, drugs, fake id cards. Recently, Dark web has become a home ground for the hackers and cyber criminals to sell their stolen database credentials from many Internet giants.

Recently a vendor with the handle “SunTzu583” is found selling millions of the Yahoo and Gmail accounts on a dark web marketplace. This listing was published last week and shows this SunTzu583 selling 100,000 Yahoo accounts which he acquired from the Last.FM breach from 2012, during which 43 million user accounts are exposed and all of them are publicly released in September of 2016. The records contain the emails, usernames and their passwords plain text format. The total price to get this listing is only 0.0079 BTC (nearly USD 10.75) probably as the data is already out in the public.

There is another listing from SunTzu583 which shows more than 145,000 Yahoo accounts available for sale for 0.0102 BTC (nearly USD 13.75). These accounts also contain email, usernames and their decrypted passwords. According to the research conducted by the HackRead, other accounts are taken from two other separate breaches  that include Adobe breach in October 2013, during which 153 million accounts are breached with each containing an username, email, internal ID, encrypted password and also a password hint in just plain text and the MySpace breach from 2008, during which 360 million user accounts are stolen and all of them are leaked on the dark web back in 2016.

Google’s Gmail is known as one of the most secure email service providers, but there is nothing that Google can do when Gmail accounts are stolen due to a third party breach. The data in discussion here is accounts of 500,000 Gmail users being sold on the same marketplace for the price of 0.0219 BTC (USD 28.24).

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients