A dark web marketplace is where one can buy all sorts of illegal stuff including drugs, fake id cards and weapons. Lately, these marketplaces have become the best place for hackers and cyber criminals to sell databases stolen from Internet giants.
In past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, VK.com were exposed on the Internet.
Now, according to the recent news, login credentials and other personal data linked to more than one Million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace.
The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks believed to have been behind it.
LIST OF DECRYPTED ACCOUNTS WITH PRICES :
The hacker going by the online handle ‘SunTzu583’ is selling cracked Gmail and Yahoo accounts on dark websites.
According to list published last week, 100,000 Yahoo accounts acquired from 2012 Last.FM data breach, for 0.0084 Bitcoins ($10.76). This breach exposed 43 million user accounts that were publicly released in September 2016.
Another listing from SunTzu583 shows more 145,000 Yahoo accounts available for sale in 0.0102 BTC (USD 13.75). These accounts are acquired from two separate data breaches – the 2013 Adobe data breach and the 2008 MySpace breach.
Adobe breach exposed over 153 million accounts containing internal IDs, usernames, emails, encrypted passwords and a password hint in plain text.
And MySpace data breach exposed 360 million user accounts, containing usernames, emails and their decrypted (plaintext) passwords, which were leaked on the dark web in 2016.
500,000 Gmail accounts from the 2008 MySpace hack, the 2013 Tumblr breach, and the 2014 Bitcoin Security Forum breach for 0.0219 Bitcoins ($28.24).
Another 450,000 Gmail accounts for 0.0201 BTC (USD 25.76), which came from various other data breaches in Dropbox, Adobe, and others that took place between 2010 and 2016.
MySpace data breach from 2008 exposed 360 million user accounts, containing usernames, emails and their decrypted (plaintext) passwords, which were leaked on the dark web in 2016.
Almost, all breaches occured between 2010 and 2016.
WHAT YOU NEED TO DO :
Firstly, immediately change all your account passwords.
Also enable two-factor authentication for all your online accounts immediately.
A strong recommendation: Don’t Reuse Passwords.
Also, change your password every few months, which limits how long a stolen password is useful to a hacker.
The best practice is to use a good password manager. It will generate, store and change regularly strong, unique passwords for all your accounts.
But ensure that password managers have no vulnerabilities.