Tens of millions of hacked Gmail and Yahoo email accounts are being sold on the dark web

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Over 25 million Gmail and Yahoo accounts are being sold online, according to a new report.

They’re available for purchase on the dark web, with the vendor selling them going by the name ‘SunTzu583’.

According to HackRead, SunTzu583 is asking for $450 for 21,800,969 Gmail accounts, 75% of which supposedly contain decrypted passwords, with the remaining 25% hashed.

The data was stolen through hacks on Dropbox, Nulled.cr and MPGH.net between 2012 and 2016.

SunTzu583 has a separate $200 listing for a further 4,928,888 accounts, which allegedly contain email addresses and clear text passwords.

HackRead says these were stolen as part of LinkedIn, Adobe and Bitcoin Security Forum.

The cybercriminal is also selling 5,741,802 Yahoo accounts, many of which were stolen as part of MySpace, LinkedIn and Adobe hacks, for $250.

However, SunTzu583 has informed potential buyers that “Not all these combinations work directly on Yahoo, so don’t expect that all these email and passwords combinations work on Yahoo.”

Yahoo has been rocked by two of the biggest hacks of all time, and users who think they might be affected should take steps to protect themselves immediately, such as updating their passwords.

You can find out if you've been hacked by checking your email address at haveibeenpwned.com.