1 million passwords are now for sale on the Dark web marketplaces. The dark web can be used for illegal trading of weapons, drugs, stolen images or hacked data from companies that are usually offering Web services. The dark web cannot be accessed using well-known web browsers and is also hidden from popular search engines.
A seller called “SunTzu583” is selling 100K Yahoo accounts from the Last.FM data breach back in 2012. In this hack, 43 million accounts were stolen and the price for 100K accounts is 0.0079 bitcoins that are equal to $10.75. Additionally, 145K Yahoo accounts that were stolen in MySpace and Adobe breach that happened in 2008 and 2013 are also on sale for 0.0102 bitcoins or $13.75.
The largest number of accounts (950K) came from Gmail users. Gmail accounts that were hacked between 2010 and 2016 include Tumblr, Bitcoin Security Forum and Dropbox breaches. Most accounts were hacked because of weak passwords usage and unfortunately, many people are still using the same weak passwords for various online services.
A security report made by a mobile identity company Telesign in 2016 says that 73% of online accounts are using duplicate passwords. 54% of internet users use five or less passwords for all their online accounts, while 47% of online users are using the same password that hasn’t been changed in five or more years.
If you’re concerned that your account might be compromised, please visit HaveIBeenPawned page.