Over a million decrypted Gmail and Yahoo Mail accounts are reportedly at the risks of being exposed to malicious elements on the darker side of the Web.
According to reports, key details such as usernames, passwords, and email addresses belonging to the affected accounts are currently being offered by the perpetrators on the Dark Web. Apparently, some Bitcoins is all it would take for basically anyone to get hold of your key account data.
As the news broke, Gmail and Yahoo Mail users are being advised to review their security settings to avoid being at the receiving end of this massive breach.
A hacker who goes by the alias “SunTzu583” is believed to be behind the breach. The accounts up for sale include Yahoo Mail and Gmail accounts that were compromised in multiple previous attacks. That includes the over 100,000 Yahoo Mail accounts leaked from 2012 Last.fm breach, as well as about 150,000 accounts breached in 2013 Adobe hack.
The main stash, however, appears to be the 500,000 Gmail accounts that reportedly came from the 2008 MySpace breach, 2013 Tumblr attack, as well as the 2014 Bitcoin Security Forum hack.
The most worrying part of this breach is that the compromised accounts are basically being offered for pennies. That understandably raises questions about the state of affairs in the overall security apparatus protecting hundreds of millions of users of these huge companies.
“In an ideal world, the fact that someone is selling stolen credentials, pilfered during data breaches from years gone by, should not be any cause for concern because everyone potentially affected would have already reacted in an appropriate manner,” Lee Munson, a security researcher at Comparitech.com, noted, the Express reports.
“In reality, however, a great many people may have been put at risk, largely because they haven’t changed passwords that they have reused across several other accounts.”