It’s not unusual to find email accounts for sale on the dark web, but up to one million email accounts with decrypted passwords have recently been discovered.
It has been claimed that the hacked accounts came from earlier breaches and are being offered for sale by a vendor called SunTzu583.
Here’s the Breakdown on Hacked Gmail and Yahoo Accounts:
- 100,000 Yahoo accounts acquired from the Last.FM breach in 2012 - these accounts contain usernames, emails and passwords in a plain text format.
- 145,000 Yahoo accounts including usernames, emails and decrypted passwords. These accounts were taken during the Adobe breach in October 2013 and the MySpace breach in 2008.
- 500,000 Gmail accounts including usernames, emails and clear text passwords stolen from three breaches: Bitcoin Security Forum breach in September 2014, the MySpace breach in 2008 and the Tumblr breach in 2013.
- 450,000 Gmail accounts stolen during the following data breaches: Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and Xbox360 ISO, all of which took place between 2010 and 2016.
The question is whether these stolen accounts pose a threat to their owners. Although the data is old and was stolen during a number of earlier breaches, it is still available in clear text format and is being offered for sale in one place.
This means that even if 95 percent of the data is redundant (e.g. because the account owners changed their passwords or the accounts were shut down), there could still well be a substantial number of accounts that are active.
For example, when the Xbox360 ISO breach happened in 2015, account owners were encouraged to change their passwords; however, the law of averages suggests that there will be a significant number who didn’t.
If any of the data breaches listed above rings a bell and you think your Yahoo or Gmail account might have been compromised, now is the time to change your password if you haven’t already.
The 450,000 Gmail accounts are being sold for a mere $25. If a buyer finds only 1,000 accounts that are still active, it’s a lucrative investment for them -- using the accounts to carry out fraud could generate a thousand times their investment.
Netflix Accounts for Sale
The same seller, SunTzu583, also has Netflix accounts for sale on the dark web trading platform Hansa. In the listing details, SunTzu583 says:
“Selling 50 to 10,000 Netflix Accounts at a Time for Reselling Or any Other Purpose. All Accounts will be checked before giving and will work a 100% before sold to you. Prices: 50 Accounts for 15 dollar, 100 Accounts for 25 dollar, etc.... (The more you buy the cheaper they get)”
These Netflix accounts are believed to have been put up for sale fairly recently, according to buyer feedback dated to the last few weeks of February 2017, although a breach did take place late last year.
In his profile, SunTzu583 explains that he trades in all things electronic, including databases, and that he is offering Netflix accounts for sale in bulk quantities.
The Need For Tough Passwords
Clearly, we should all know by now that many organizations are simply not good at protecting our data, as the above breaches illustrate.
This places the onus on us to use strong passwords that are difficult, if not impossible, to crack. One of the unstated implications in the above breaches is that the passwords were easy to hack.
If you create a password that has about ten characters composed of upper and lowercase letters, symbols and numbers, it will be very difficult for anyone to obtain access.
Has your account been compromised?
You can check whether your email address has been breached by going to the following website: https://haveibeenpwned.com/
Simply enter your email address and find out whether your account has been compromised or not.