Hackers usually steal webmail credentials to use them for their personal profit or publish them on the internet or sell them on the dark market. In spite of the importance of this issue, the research community still needs a complete knowledge of what these stolen accounts are used for.
The data that users store in email accounts on services such as Google Mail, Yahoo Mail, or Microsoft Mail, as well as the probability of misusing them for illegal activities has attracted hackers, who actively interest in hacking such accounts.
Hackers can use hacked accounts in various ways. They can use these accounts to send spam. This method is particularly powerful because of the well-established reputation of these accounts: the previously established contacts of the account are likely to trust its main owner and are therefore more likely to open the messages that they get from these accounts.
Hackers also can use the stolen accounts to obtain sensitive data about the victim. This data can contain financial credentials (credit card numbers, bank account numbers), login credentials to other online services, and personal communications of the victim.