A vendor with the online moniker “SunTzu583” is reportedly selling millions of login credentials for Gmail and Yahoo accounts on a black market in the dark web. Over 20 million Gmail accounts and 5 million Yahoo accounts are available for sale, the huge trove of data is the result of previous massive data breaches.
SunTzu583 is known to security experts, he was specialized in the sale of stolen login credentials.
A couple of weeks ago the colleagues at HackRead reported the sale of more than 1 million Gmail and Yahoo accounts by the same seller and a few days later, SunTzu583 started selling PlayStation accounts.
SunTzu583 offered 640,000 PlayStation accounts for USD 35.71 (0.0292 BTC), the dump includes emails and clear-text passwords.
SunTzu583 confirmed that the archive was not directly stolen from PlayStation network, but it does contain unique accounts of PlayStation users. The seller added that even if the accounts may work for other web services they are first of all PlayStation accounts.
Back to the present, the seller SunTzu583 is offering in separate listings millions of Gmail accounts.
In three different listings, he is offering 4,928,888 accounts.
“The total number of Gmail accounts being sold are 4,928,888 which have been divided into three different listings. All three listings contain 2,262,444 accounts including emails and their clear text passwords.” reports the analysis published by HackRead. “In the description of these listings, SunTzu583 has mentioned that “Not all these combinations work directly on Gmail, so don’t expect that all these email and passwords combinations work on Gmail.””
The researchers at HackRead who have compared the listings with Hacked-DB and Have I been pwned repositories confirmed that the sources of the data are past data breaches including LinkedIn (117 million accounts), Adobe (153 million accounts) and Bitcoin Security Forum (5 million Gmail passwords).
The vendor SunTzu583 is offering also another separate listing including additional 21,800,969 Gmail accounts that go for USD 450.48 (BTC 0.4673). According to the seller, 75% accounts contain decrypted passwords while 25% passwords are hashed.
The seller is also allegedly selling 5,741,802 Yahoo accounts for $250 (0.2532 Bitcoins).
Most of the accounts listed were not active and the sources may be MySpace, Adobe and LinkedIn data breaches.
The dark web vendor warns users that not all the login credentials work.
(Security Affairs – dark web, Gmail)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.