The Hackr

Decrypted 1 Million Gmail and Yahoo Passwords for Sale on Dark Web

The data poses a massive security threat for users since each and every password has been decrypted.

A dark web marketplace is where one can buy all sorts of illegal stuff including drugs, fake id cards and weapons. Lately, these marketplaces have become the best place for hackers and cyber criminals to sell databases stolen from Internet giants.

In past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, were exposed on the Internet.

Now, according to the recent news, login credentials and other personal data linked to more than one Million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace.

The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks believed to have been behind it.


The hacker going by the online handle ‘SunTzu583’ is selling cracked Gmail and Yahoo accounts on dark websites.

Yahoo accounts

According to list published last week, 100,000 Yahoo accounts acquired from 2012 Last.FM data breach, for 0.0084 Bitcoins ($10.76). This breach exposed 43 million user accounts that were publicly released in September 2016.

Another listing from SunTzu583 shows more 145,000 Yahoo accounts available for sale in 0.0102 BTC (USD 13.75). These accounts are acquired from two separate data breaches – the 2013 Adobe data breach and the 2008 MySpace breach.

Decrypted yahoo

Adobe breach exposed over 153 million accounts containing internal IDs, usernames, emails, encrypted passwords and a password hint in plain text.

And MySpace data breach exposed 360 million user accounts, containing usernames, emails and their decrypted (plaintext) passwords, which were leaked on the dark web in 2016.


Gmail accounts

Google’s Gmail is known as one of the most secure email service providers, but there is nothing that Google can do when Gmail accounts are stolen due to a third party breach.

500,000 Gmail accounts from the 2008 MySpace hack, the 2013 Tumblr breach, and the 2014 Bitcoin Security Forum breach for 0.0219 Bitcoins ($28.24).

Another 450,000 Gmail accounts for 0.0201 BTC (USD 25.76), which came from various other data breaches in Dropbox, Adobe, and others that took place between 2010 and 2016.

Decrypted Gmail

MySpace data breach from 2008 exposed 360 million user accounts, containing usernames, emails and their decrypted (plaintext) passwords, which were leaked on the dark web in 2016.

Almost, all breaches occured between 2010 and 2016.


Firstly, immediately change all your account passwords.

Also enable two-factor authentication for all your online accounts immediately.

A strong recommendation: Don’t Reuse Passwords.

Also, change your password every few months, which limits how long a stolen password is useful to a hacker.

The best practice is to use a good password manager. It will generate, store and change regularly strong, unique passwords for all your accounts.

But ensure that password managers have no vulnerabilities.


It was a hobby I got into a long time ago, hacking cameras. And I am here making posts @TheHackr today!

Chat With Our Bot ☎️

IntroducingTheHackr Chatbot,now anyone can interact with our messenger bot and get daily crunches about Cyber-Security in just a clicks away!