Tens of millions of hacked Gmail and Yahoo email accounts are being sold on the dark web

Your support helps us to tell the story

Support Now

Find out moreClose

As your White House correspondent, I ask the tough questions and seek the answers that matter.

Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.

Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election

Andrew Feinberg

White House Correspondent

Over 25 million Gmail and Yahoo accounts are being sold online, according to a new report.

They’re available for purchase on the dark web, with the vendor selling them going by the name ‘SunTzu583’.

According to HackRead, SunTzu583 is asking for $450 for 21,800,969 Gmail accounts, 75% of which supposedly contain decrypted passwords, with the remaining 25% hashed.

The data was stolen through hacks on Dropbox, Nulled.cr and MPGH.net between 2012 and 2016.

SunTzu583 has a separate $200 listing for a further 4,928,888 accounts, which allegedly contain email addresses and clear text passwords.

HackRead says these were stolen as part of LinkedIn, Adobe and Bitcoin Security Forum.

The cybercriminal is also selling 5,741,802 Yahoo accounts, many of which were stolen as part of MySpace, LinkedIn and Adobe hacks, for $250.

However, SunTzu583 has informed potential buyers that “Not all these combinations work directly on Yahoo, so don’t expect that all these email and passwords combinations work on Yahoo.”

Yahoo has been rocked by two of the biggest hacks of all time, and users who think they might be affected should take steps to protect themselves immediately, such as updating their passwords.

You can find out if you've been hacked by checking your email address at haveibeenpwned.com.