A hacker is offering the login details of one million Gmail and Yahoo! Mail accounts for sale on a dark web marketplace.
SunTzu583 is hawking decrypted files of usernames, email addresses and passwords harvested in a number of previous cyber attacks on major websites, including the 2012 Last.fm data breach, the 2013 Adobe attack and the 2008 MySpace hack.
The cyber criminal is charging low prices for the data, presumably due to its age and the fact that much of it is already in the public domain.
A list of 100,000 Yahoo! Mail accounts stolen during the Last.fm attack is being offered for 0.0079 BTC (€10.16), while 500,000 Gmail accounts obtained in various hacks is priced at 0.0219 BTC.
Google and Yahoo! have yet to comment on the availability of the data.
The Express quotes Lee Munson, Security Researcher at Comparitech.com, as saying: “In an ideal world, the fact that someone is selling stolen credentials, pilfered during data breaches from years gone by, should not be any cause for concern because everyone potentially affected would have already reacted in an appropriate manner.
“In reality, however, a great many people may have been put at risk, largely because they haven’t changed passwords that they have reused across several other accounts.”
InfoSec news site HackRead checked some of the stolen credentials on data breach notification platforms such as Haveibeenpwned. While it found many were listed as compromised, it discovered some accounts had been blocked due to their owners’ failure to change their passwords.
Hackers are increasingly attempting to offload data from historical breaches on dark web marketplaces at bargain-basement prices. While less useful to cyber criminals than fresh login credentials, the lists can still be used to commit crimes such as online fraud and identity theft.
Even when users have changed their passwords, hackers can still attempt to use old login credentials on other platforms, hoping that account holders have used the same passwords across other platforms.
Speaking with SC Media UK about the hacked data, CEO of British fraud detection platform Ravelin said: “The dark web is now the source of the most frequent crime in the UK – payment fraud. Every day we see new tranches of details going on sale. These details then fuel account takeovers and identify thefts that are costing UK business billions of pounds every year.”
Email users who suspect their account may have been compromised in any of the attacks the data was stolen in should change their passwords as soon as possible if they have not already done so. Account holders would also be well advised to activate two-factor authentication where available, and avoid using the same password for multiple accounts.