Login credentials and other personal data leaked of Over 1 Million Yahoo And Gmail account offered for sale in dark web marketplace according to reports.
Hardly any day goes without about any cyber attack or data breach.
In past years, billions of account from the popular website including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, VK.com were exposed on the Internet.
The sale of details of accounts on Dark web contains usernames, emails and plain text passwords.Account are collected from several data breaches.
What Is Dark Web?
A Dark web marketplace is a place where one can buy all sorts of illegal kinds of stuff like drugs, fake id cards, weapons, credit and debit card details.
Lately, Dark web marketplace has become the most popular place for Hackers and Cyber criminals to sell data breached from the Internet.
Also Read:Revealing Deep Web And Dark Web.
List Of Accounts On Sale
‘SunTzu583’ name of the hacker who is selling account details on Dark Web, Hack Read reported.
- 100,000 Yahoo accounts acquired from 2012 Last.FM data breach, for 0.0084 Bitcoins ($10.76).
- 145,000 Yahoo accounts acquired from the 2013 Adobe data breach and the 2008 MySpace breach for 0.0102 Bitcoins (USD 13.75).
- 500,000 Gmail accounts from the 2008 MySpace hack, the 2013 Tumblr breach, and the 2014 Bitcoin Security Forum breach for 0.0219 Bitcoins ($28.24).
- 450,000 Gmail accounts, from various other data breaches in Dropbox, Adobe, and others that took place between 2010 and 2016 for 0.0201 BTC (USD 25.76)
43 Millions of accounts were compromised in Last.FM Data breach in 2012 and publicly released in September.
152 Million accounts were breached containing internal IDs, usernames, emails, encrypted passwords and a password hint in the plain text of Adobe, breached in 2013.
Millions of Gmail accounts were breached between 2008 to 2016 and stolen from multiple websites likes Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and Xbox360 ISO.
Is the data legit?
It is hard to verify that data is legit or not.
What to do?
First of all and the major step is to change all your passwords without further delaying.(Use Strong password)
Enable two-step verification, if anyone tries to login you will get a notification about suspicious attempts has been tried.
Change your password frequently within a week or a month.