A dark web vendor is reportedly selling over 1 million decrypted Gmail and Yahoo accounts in an underground marketplace. The accounts listed for sale allegedly contain usernames, emails and plaintext passwords.
The cybercriminal allegedly selling the accounts is believed to be using the handle "SunTzu583". The dark web vendor is allegedly selling 100,000 Yahoo accounts, from the 2012 Last.fm data breach, for 0.0079 bitcoins ($10.75). Another 145,000 Yahoo accounts from the 2013 Adobe breach and the 2008 MySpace hack were also reportedly found listed for sale, for 0.0102 bitcoins.
SunTzu583 is also reportedly selling 500,000 Gmail accounts for 0.0219 bitcoins. The accounts allegedly come from the 2008 MySpace hack, the 2013 Tumblr breach and the 2014 Bitcoin Security Forum breach, according to a report by HackRead.
Yet another 450,000 Gmail accounts were also listed on sale by the same vendor for 0.0199 bitcoins, from various other data breaches that took place between 2010 and 2016, including the Dropbox, the Adobe and other hacks.
The data has allegedly been checked by matching it to data on popular data breach notification platforms such as HaveIBeenPwned. However, the data listed for sale has not been independently verified by IBTimes UK.
It has become increasingly commonplace for hackers to sell user accounts from older data breaches on underground marketplaces, as a way to make a quick buck. These hacked and stolen accounts are used by cybercriminals to perpetuate other crimes such as identity theft. It is highly advisable that users adopt safe security practices and change their account passwords in the event that their accounts are found to be a part of massive data breaches.