The dark web is the right place where to buy stolen login credentials to major web services, last week the colleagues at HackRead reported the sale of more than 1 million Gmail and Yahoo accounts by a seller that goes online with the “SunTzu583” moniker
A few days later, the same vendor that was offering Gmail and Yahoo accounts for sale started selling PlayStation accounts.
SunTzu583 is offering for sale 640,000 PlayStation accounts for USD 35.71 (0.0292 BTC). The source of the stolen accounts is not clear, the dump includes emails and clear-text passwords.
SunTzu583 confirmed that the archive was not directly stolen from PlayStation network, but it does contain unique accounts of PlayStation users. The seller added that even if the accounts may work for other web services they are first of all PlayStation accounts.
A few months ago, several Playstation users reported their accounts have been hacked and that crooks have stolen the funds. Sony denied its server were hacked by crooks and added that the PlayStation accounts were accessed by using credentials from third-party data breaches.
At the time I was writing there is no confirmation about the authenticity of the 640,000 PlayStation accounts.
It is any way suggested to change the passwords for PS accounts, as usual, it is important to share the passwords for all the websites for which use the same login credentials.
(Security Affairs – PS accounts app, hacking)