Yahoo Mail and Gmail users are being warned to check their security settings after a huge hoard of accounts were reportedly put up for sale online by criminals.
Over a million decrypted accounts were being offered online by hackers seeing lucrative Bitcoin hauls.
Details such as usernames, email address and passwords stored in plan text were all on offer, giving hackers potential access to your account.
A hacker using the online handle “SunTzu583” is apparently behind the breach, offering accounts which appear to come from a number of previous major cyber-attacks and data breaches, reports HackRead.
This includes 100,000 Yahoo Mail accounts leaked from the 2012 Last.fm data breach, as well as another 145,000 accounts from the 2013 Adobe breach and the 2008 MySpace hack.
But the main stash appears to be 500,000 Gmail accounts, which allegedly come from the 2008 MySpace hack, the 2013 Tumblr breach and the 2014 Bitcoin Security Forum breach.
Another 450,000 Gmail accounts were also listed on sale by the same vendor for 0.0199 bitcoins, from various other data breaches that took place between 2010 and 2016, including the Dropbox, the Adobe and other hacks.
The scale of the breach, and the fact that accounts are on offer for pennies, raising worrying questions about the security protections of these huge companies, experts have said.
Lee Munson, security researcher at Comparitech.com, noted, “In an ideal world, the fact that someone is selling stolen credentials, pilfered during data breaches from years gone by, should not be any cause for concern because everyone potentially affected would have already reacted in an appropriate manner.”
“In reality, however, a great many people may have been put at risk, largely because they haven’t changed passwords that they have reused across several other accounts.”
Munson also urged users to check their details on haveibeenpwned.com, which is able to provide any information if any accounts have been compromised.
The news is sadly only one of several recent accounts of hackers attacked major email providers.
Yahoo Mail has been hit by several major breaches over the past two years, resulting in millions of user accounts being accessed by outside sources.
Around 32 million Yahoo Mail accounts were affected in the most recent attack, with hackers using forged cookies to access Yahoo user accounts without needing a password.
Yahoo has also infamously been hit by other major recent cyber-assaults which saw over a billion Yahoo user accounts compromised.
If you think you’ve been the victim of a cyberattack, check out Express.co.uk’s guide on the next steps to take here.
From : Express
Link : http://www.express.co.uk/life-style/science-technology/775598/gmail-yahoo-mail-accounts-hacked-for-sale-dark-web