Report: Dark web vendor selling millions of Gmail and Yahoo accounts stolen in old breaches
The dark web vendor SunTzu583, which was recently discovered selling over one million Gmail and Yahoo accounts along with their decrypted passwords, is now selling tens of millions more, HackRead has reported.
According to the report, one of SunTzu583's new listings is offering approximately 21.8 million compromised Gmail accounts for $450.48 – 75 percent of which, the vendor claims, include decrypted passwords (the other 25 percent feature hashed passwords). HackRead has confirmed that this data was aggregated from past breaches of Nulled.cr, MPGH.net, and Dropbox.
A separate set of SunTzu583 listings is offering up to 5 million Gmail accounts – $300.49 for the full data set or $125.48 for half. HackRead has determined that these compromised accounts stem primarily from the 2014 breach of Russian's Bitcoin Security Forum, but also from the LinkedIn and Adobe breaches.
In a third listing, SunTzu583 is selling over 5.7 million Yahoo users accounts – offering a third of the data set of $100.48, or the entire lot for $250.48. The vendor claims that each listing contains unique accounts – "however, after scanning the sample data, we found the majority of accounts were disabled while some were still working and stolen from MySpace, LinkedIn and Adobe data breaches," HackRead reported.