Lately, Dark Web marketplace is being a sale store for the personal information and credentials of many Google and Yahoo accounts.
Same as deep web, dark web does require particular software, configuration or authorization to access it and is not operated by search engines as google or other websites do.
Huge franchises offering online services are used as a source by dark web marketplaces to steal user data which is then used for trading. The dark web has also become a popular source for trading illegitimate goods and services.
100,000 yahoo accounts are reported to be sold by a seller using handle ‘SunTzu583’, who sold 43 million Last.fm account for 0.0079 BTC ($10.75) in 2012.
SunTzu583 is also involved in selling 500,000 Gmail accounts for 0.0219 bitcoins ($28.24). 2008 MySpace hack, the 2013 Tumblr breach, and the 2014 Bitcoin Security Forum breach are said to be the source of these accounts.
According to a report by HackRead, from 153 million accounts of 2013 Adobe Breach 145,000 yahoo accounts and 360 million accounts of 2008 MySpace are compromised for an offer of 0.0102 bitcoins ($13.75).
From data breaches that took place between 2010 and 2016, some 450,000 other Gmail accounts were also on sale list for bitcoins ($25.74) which includes data breaches from Dropbox and Adobe also.
As reported, the data on sale by SunTzu583 has been checked by matching it to data on data breach notification platforms, including HaveIBeenPwned.
According to penetration testers, the enterprise security is prone to great risk as many people are still using the same password for their personal accounts and work systems.
Attackers are successful in logging in as authorized users in corporate networks by using automation tools which if matched, enables them to try a combination of passwords, email address and username against corporate IT system. This gives them chance to look for data assets undetected by most security controls.
Big security risks could vanish if two-factor authentication and require password changes is implemented but many businesses are unable to do this.
A report was given by mobile identity firm TeleSign in June 2016, 73% of online accounts have duplicate passwords, 53% are those who use five or fewer passwords for their all online accounts. The report also states that 47% of online account holders are using the same password for five years.
However, security advisors suggest the users keep strong and unique passwords which should be changed regularly for all the accounts.
Share this article
About the Author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.More from Zehra Ali
Passengers’ Data Stored on User Devices, not on DigiYatra Storage, says India Govt
Watch Prime Videos With Full Catalog and Unblocked Access Unblocking streaming content from Amazon P...
NCSC Chief: Clear Rules Needed to Prevent Cyberspace Conflict and Struggle
A safe and secure digital world necessitates a clear definition and enforcement of international cyb...
‘Revive’ has been upgraded to a banking Trojan on Android
This month, Cleafy’s security researchers discovered a new Android Banking Trojan in the wild....
Asian Industrial Control Systems Targeted by Hackers Using the Shadowpad Backdoor
Unpatched Microsoft Exchange servers in various Asian countries were the target of an attack campaig...
Data Breaches Could Occur Due to Kubernetes Misconfigurations That Were Leaked.
Over 900,000 Kubernetes (K8s) have been discovered to be vulnerable to malicious scans and/or data-e...
Attacks by Cybercriminals Will Become the Main Threat in 2021. Privacy Issues Tendencies
Internet Privacy is the main Concern today Advertisers track your online activities and interfere w...