icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
7 Mar, 2017 04:13

Emails for sale: Dark web vendor peddles decrypted Gmail, Yahoo accounts

Emails for sale: Dark web vendor peddles decrypted Gmail, Yahoo accounts

Amid all the lurid sales on the dark web, one auction could be of interest to as many as a million people. A seller hopes to profit off 1 million Gmail and Yahoo accounts with decrypted emails, usernames and passwords that were leaked in various hacks.

One million accounts could be compromised and for sale on the dark web. A user called SunTzu583 is auctioning off 500,000 Gmail accounts for 0.0219 bitcoin ($28.24) in one auction and 450,000 in another for 0.0199 bitcoin ($25.74).

Gmail’s reputation for being one of the more secure providers is still largely intact, as the accounts involved in the auctions largely seem to have been hacked through third parties, such as the Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and via the Xbox360 ISO breach.

SunTzu583 is also selling 100,000 Yahoo accounts for a mere 0.0079 bitcoin ($10.75), because the information was obtained back in the 2012 Last.fm hack. A fourth auction from the user is selling 135,000 Yahoo accounts obtained through an Adobe breach in 2013 and a MySpace breach in 2008, Hack Read reported.

Some of the accounts have been confirmed through websites such as HaveIBeenPwned as well as by attempting to enter in the information into login pages. Hack Read reported that many of the login attempts were unsuccessful, as the passwords had been changed.

The information ranges from breaches in 2010 until 2016, and therefore it is questionable whether much of the information being sold by SunTzu583 is even still valid. However, it is recommended that users affected by breaches in the past change their passwords just to be safe.

Podcasts
0:00
29:12
0:00
28:18