6 April 2017

DARK WEB VENDOR SELLING ALLEGEDLY SELLING ONE MILLION DECRYPTED GMAIL & YAHOO ACCOUNTS


The website, DarkWebNews posted an article on March 23, 2017, with the title above. DarkWebNews writes that “a vendor going by the pseudonym “SunTzu583,” on a dark web marketplace is allegedly selling over one million decrypted Yahoo and Gmail accounts obtained from previous data breaches.”

“The listing — which offers sets of email addresses, user names, passwords, and in some cases, plain-text password hints and internal IDs — is being made available for various prices, depending on the dataset,” that is being requested, DarkWebNews reports. “100,000 Yahoo accounts stolen in the 2012 Last.fm breach is going for 0.0079 Bitcoin, the equivalent of $10.75; another 145K Yahoo mail accounts obtained from the 2008 MySpace data breach, and the 2013 Adobe hack are going for 0.0102 Bitcoin ($13.75).”

“More than 40 million user accounts were exposed in the Last.FM hack,” DarkWebnews notes, “while a staggering 360M were stolen and leaked on the Dark Web in the MySpace breach of 2008. The DarkWeb vendor offered another half million sets of credentials on a different listing; but,for a marginally higher price of 0.0210 Bitcoin, or ($28.24).”

DarkWebNews adds that “a large portion of the [digital] credentials obtained in this dataset was allegedly obtained from the aforementioned 2008 MySpace breach, while fairly smaller contributions came from the 2013 and 2014 hacks on Tumblr and Bitcoin Security Forum hacks, respectively. In another listing on the same dark web marketplace, the vendor offers another set of 450K Gmail accounts for 0.0199 Bitcoin, which were allegedly obtained from other minor breaches that took place between 2010 and 2016.”

“Previous breaches on Adobe, Flash, Flash Revolution, XBox360 ISO, and DropBox are among the more notable contributors,” to the cache of Internet accounts that are being sold.” DarkWebNews notes that the seller of these pilfered credentials and personal digital information “has been notorious for trafficking drugs, firearms, and pornography — which is illegal on the clear net”; but, is now becoming a digital destination of choice for the buying and selling of compromised personal passwords, and other sensitive digital material. “Seemingly a reliable vendor, SunTzu583 has hundreds of sales to his name; and boasts five reviews, four of the positive, and one neutral.”

Don’t think anyone should be surprised by any of this. One person’s digital misery is another person’s digital profit.

No comments: