One million accounts could be compromised and for sale on the dark web. A user called SunTzu583 is auctioning off 500,000 Gmail accounts for 0.0219 bitcoin ($28.24) in one auction and 450,000 in another for 0.0199 bitcoin ($25.74).
Gmail’s reputation for being one of the more secure providers is still largely intact, as the accounts involved in the auctions largely seem to have been hacked through third parties, such as the Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and via the Xbox360 ISO breach.
— RT America (@RT_America) February 4, 2017
SunTzu583 is also selling 100,000 Yahoo accounts for a mere 0.0079 bitcoin ($10.75), because the information was obtained back in the 2012 Last.fm hack. A fourth auction from the user is selling 135,000 Yahoo accounts obtained through an Adobe breach in 2013 and a MySpace breach in 2008, Hack Read reported.
— RT America (@RT_America) March 3, 2017
Some of the accounts have been confirmed through websites such as HaveIBeenPwned as well as by attempting to enter in the information into login pages. Hack Read reported that many of the login attempts were unsuccessful, as the passwords had been changed.
The information ranges from breaches in 2010 until 2016, and therefore it is questionable whether much of the information being sold by SunTzu583 is even still valid. However, it is recommended that users affected by breaches in the past change their passwords just to be safe.