Tens of millions of hacked Gmail and Yahoo email accounts are being sold on the dark web

Users who think they might be affected should update their passwords immediately

Aatif Sulleyman
Tuesday 21 March 2017 08:39 EDT
Comments
Yahoo has been rocked by two of the biggest hacks of all time
Yahoo has been rocked by two of the biggest hacks of all time

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Over 25 million Gmail and Yahoo accounts are being sold online, according to a new report.

They’re available for purchase on the dark web, with the vendor selling them going by the name ‘SunTzu583’.

According to HackRead, SunTzu583 is asking for $450 for 21,800,969 Gmail accounts, 75% of which supposedly contain decrypted passwords, with the remaining 25% hashed.

The data was stolen through hacks on Dropbox, Nulled.cr and MPGH.net between 2012 and 2016.

SunTzu583 has a separate $200 listing for a further 4,928,888 accounts, which allegedly contain email addresses and clear text passwords.

HackRead says these were stolen as part of LinkedIn, Adobe and Bitcoin Security Forum.

The cybercriminal is also selling 5,741,802 Yahoo accounts, many of which were stolen as part of MySpace, LinkedIn and Adobe hacks, for $250.

However, SunTzu583 has informed potential buyers that “Not all these combinations work directly on Yahoo, so don’t expect that all these email and passwords combinations work on Yahoo.”

Yahoo has been rocked by two of the biggest hacks of all time, and users who think they might be affected should take steps to protect themselves immediately, such as updating their passwords.

You can find out if you've been hacked by checking your email address at haveibeenpwned.com.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in