A data vendor going by the pseudonym “SunTzu583” on a dark web marketplace is allegedly selling over one million decrypted Yahoo mail and Gmail accounts obtained from previous major data breaches.
The listing – which offers sets of email addresses, usernames, passwords, and in some cases plain text password hints and internal IDs – is being made available for various prices depending on the dataset.
A set of 100,000 Yahoo accounts stolen in the 2012 Last.fm breach is going for 0.0079 bitcoin, the equivalent of $10.75; another 145,000 Yahoo mail accounts obtained from the 2008 MySpace data breach and the 2013 Adobe hack are going for 0.0102 bitcoin ($13.75).
More than 40 million user accounts were exposed in the Last.FM hack while a staggering 360 million were stolen and leaked on the dark web in the MySpace breach of 2008.
The dark web vendor offered another half a million sets of credentials on a different listing, but for a marginally higher price of 0.0219 bitcoin ($28.24).
A large portion of the credentials in this dataset was allegedly obtained from the aforementioned 2008 MySpace breach, while smaller contributions came from the 2013 hack on Tumblr and the 2014 hack on Bitcoin Security Forum.
In another listing on the same dark web marketplace, the vendor offers another set of 450,000 Gmail accounts for 0.0199 bitcoin, which were allegedly obtained from other minor breaches that took place between 2010 and 2016.
Previous breaches on Adobe, Flash Flash Revolution, Xbox360 ISO, and Dropbox are among the more notable contributors to the bunch.
According to HackRead, who verified the account credentials, the Yahoo accounts from the Last.FM data breach were low-priced because they had already been out in public since September last year when they were first leaked online.
While Yahoo has been exposed in several data breach attempts in the past, including the more prominent one in December 2016, Gmail retains its reputation as one of the most secure email service providers: all major hacks that have involved its accounts have essentially been due to vulnerabilities on third-party platforms as opposed to gaps in its encryption.
The dark web has been notorious for drug trafficking, firearm trafficking, and pornography, which are largely illegal on the clear net, but is now slowly becoming a hub for breached data vendors.
The owner of these listings, for instance, has been identified as a very active figure on virtually all major dark web marketplaces, and happens to specialize in offering compromised email credentials.
His profile on the dark web market describes him as a user who is “here to sells [sic] mostly digital goods such as accounts and databases.”
Seemingly a reliable vendor, SunTzu583 has hundreds of sales to his name and boasts five reviews, four of them positive and one neutral.
And, as if to live up to the standard he has set himself, the dark web vendor provides a few email addresses, usernames, and password entries from the batch of 450,000 Gmail accounts, which potential buyers can use for verification.
HackRead claims to have verified some of the accounts on data breach notification websites and by logging into different platforms including Dropbox, Tumblr, and MySpace using the credentials and with the permission of the rightful account owners.
They found out that several of the users had changed their passwords in the recent past, plausibly following the breaches, while some platforms had even gone the extra mile to bar access for users who did not respond to two-step authentication measures.
This essentially confirms that the accounts were indeed sourced from the platforms and that, if the samples are true representatives of the bundles on the dark web marketplace, the listings are legitimate.
While the data has yet to undergo independent verification, it is advisable that you change your password if your account may have been compromised in any of the mentioned data breaches.
Users may also want to consider updating their passwords if they have used them across multiple accounts.