According to the recent news one million decrypted Yahoo and Gmail accounts are being offered for sale on the dark web marketplace of hacker. The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks believed to have been behind it.
The listing was published this week and shows SunTzu583 is selling 100,000 Yahoo accounts acquired from Last.FM breach from 2012, in which 43 million user accounts were exposed and publicly released in September 2016. These accounts contain usernames, emails and their passwords in a plain text format. The price for this listing is only 0.0079 BTC (USD 10.75) probably because the data is already out in public.
Another listing from SunTzu583 shows more 145,000 Yahoo accounts available for sale in 0.0102 BTC (USD 13.75). These accounts also contain usernames, email and their decrypted passwords. Another listing shows the same vendor is selling 450,000 Gmail accounts for 0.0199 bitcoins ($25.74), which includes emails and their clear text passwords. The information include data stolen from data breaches that took place between 2010 and 2016.
Hackers looking to make quick money mostly use the Dark Web to sell hacked and stolen user accounts from older data breaches, which are then used by cybercriminals to perpetuate other crimes such as identity theft. It is highly recommended that users reset their passwords as soon as possible, if they believe that their accounts were among the breaches mentioned above. Also, if the same password and security questions have been used elsewhere, request to have them changed urgently.