Over a million Gmail and Yahoo credentials for sale on the Dark Web

Details such as usernames, e-mail addresses and passwords stored in plain text were all on offer, giving hackers potential access to your account.

A cyber criminal who goes by the name SunTzu583 has gone to great lengths to organize the sale of various packages of e-mail addresses on some sites hidden in the recesses of the Dark Web. Over a million accounts are available to the highest bidder on the HackRead site where, fortunately, some security experts are also hanging out.

There's something for all budgets. Prices vary: for example, many of the Yahoo details were already available, while some of the Gmail accounts are worth a few more bitcoins. Those of you who are worried about the security of your Gmail or Yahoo account should change your password immediately. Our advice, however, is to also turn on two-factor authentication where available, as it adds an extra layer of security to online services by sending a unique, one-time-use code to a mobile device, which must be entered in addition to the password.

Credentials for sale

According to the report provided by HackRead, the compromised accounts on offer include 100,000 Yahoo accounts allegedly stolen in the Last.fm breach in 2012; the information includes usernames, email addresses and passwords in plain text. Another 145,000 Yahoo accounts available for purchase reportedly come from the Adobe breach (2013) and the MySpace hack, which occurred in 2008 but was only made public in 2016. This data also includes usernames, email addresses and plain-text passwords.

The number of Yahoo accounts on offer is overshadowed by the large number of Gmail accounts for sale. The first "package" contains 500,000 Gmail accounts, including usernames, email addresses and passwords in plain text. These accounts, again according to HackRead, reportedly come from the breaches of the Bitcoin Security Forum (2014) and Tumblr (2013), and from the same MySpace hack that also exposed Yahoo credentials. It's unclear whether the Bitcoin Security Forum was hacked in 2014, or whether these Gmail accounts came from the hack of five million accounts in September of that year. Another 450,000 Gmail accounts offered by the same vendor, the SunTzu583 mentioned at the beginning, are said to be the spoils of various breaches including Last.fm, Adobe, Dropbox, Tumblr and more. All these accounts, for a total price of just under 1.2 million dollars, are for sale in exchange for Bitcoin.
