Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web

Hardly a day goes by without headlines about a significant data breach. In past years, billions of accounts from popular sites and services, including Tumblr, MySpace, LinkedIn, Last.FM, Yahoo, and VK.com, were exposed on the Internet.

According to recent news, login credentials and personal data linked to more than one million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web.

The list for sale on the dark web allegedly contains usernames, emails, and passwords in plaintext. These accounts are not from a single data breach; they were collected from several major cyber attacks.

The hacker going by the online handle ‘SunTzu583’ has listed a number of cracked email packages on a series of dark websites, HackRead reported.

  • 100,000 Yahoo accounts acquired from 2012 Last.FM data breach, for 0.0084 Bitcoins ($10.76)
  • Another 145,000 Yahoo accounts acquired from two separate data breaches – the 2013 Adobe data breach and the 2008 MySpace breach – for 0.0102 Bitcoins (USD 13.75).
  • 500,000 Gmail accounts from the 2008 MySpace hack, the 2013 Tumblr breach, and the 2014 Bitcoin Security Forum breach for 0.0219 Bitcoins ($28.24).
  • Another 450,000 Gmail accounts for 0.0201 BTC (USD 25.76), which came from various other data breaches in Dropbox, Adobe, and others that took place between 2010 and 2016.

The Last.FM data breach from 2012 exposed 43 million internet user accounts, which were publicly released in September last year.

The Adobe breach from October 2013 also exposed over 153 million accounts containing internal IDs, usernames and emails, along with the password and the password hint in plain text.

The MySpace data breach from 2008 exposed the data of 360 million user accounts containing their usernames, emails and decrypted passwords, which was leaked on the dark web in 2016.

Even Google’s Gmail, known to be one of the most secure email services, can have its accounts exposed to hackers through third-party data breaches.

Millions of Gmail accounts, with usernames, emails, and plaintext passwords exposed, were stolen in multiple data breaches at Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and Xbox360 ISO that happened between 2008 and 2016.

“The data listed for sale by SunTzu583 has not been independently verified by The Hacker News but has reportedly been checked by matching it to the data on a number of data breach notification platforms, including Hacked-DB and HaveIBeenPwned,” The Hacker News reported.

Here’s What You Can Do:

Needless to say, you should immediately change almost all your account passwords at least once.

Also enable two-factor authentication for all your online accounts immediately.
And once again, a strong recommendation: Don’t Reuse Passwords.

It is also recommended that you change your password every few months, which limits how long a stolen password is useful to a hacker.

Since no one can remember and recreate strong passwords for every single online account regularly, the best practice is to use a good password manager. It will generate, store and regularly change strong, unique passwords for all your accounts.
