Millions of hacked Gmail and Yahoo email accounts sold on the dark web

kev · March 22, 2017, 12:13pm

C&P
BEWARE…
Users who think they might be affected should update their passwords immediately…
They’re available for purchase on the dark web, with the vendor selling them going by the name ‘SunTzu583’.
According to HackRead, SunTzu583 is asking for $450 for 21,800,969 Gmail accounts, 75% of which supposedly contain decrypted passwords, with the remaining 25% hashed.
SunTzu583 has a separate $200 listing for a further 4,928,888 accounts, which allegedly contain email addresses and clear text passwords.
HackRead says these were stolen as part of LinkedIn, Adobe and Bitcoin Security Forum.

The cybercriminal is also selling 5,741,802 Yahoo accounts, many of which were stolen as part of MySpace, LinkedIn and Adobe hacks, for $250.

However, SunTzu583 has informed potential buyers that “Not all these combinations work directly on Yahoo, so don’t expect that all these email and passwords combinations work on Yahoo.”

Yahoo has been rocked by two of the biggest hacks of all time, and users who think they might be affected should take steps to protect themselves immediately, such as updating their passwords.

You can find out if you’ve been hacked by checking your email address at haveibeenpwned.com.

www.cnet.com
The Gooligan malware attack targeting Android devices has infected more than a million Google accounts and growing by 13,000 new users a day. It affects devices running Android 4 (Jelly Bean, KitKat) and Android 5 (Lollipop), according to Check Point.

Gooligan spreads via apps from third-party app stores and malicious links in phishing attack messages. It downloads a rootkit to steal authentication tokens to breach data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs. It also installs app that can steal your account information to post fake ratings and reviews to raise the profile of these apps.

Has your account been compromised? It’s easy to check to find out.

[SIZE=4]Check your account at Check Point[/SIZE]
Head to the Check point website and enter your email address. It will immediately let you know if your account has been breached.

vuja_de · March 22, 2017, 12:25pm

Pro tip: Enable two-step verification on your accounts.

It will render hacking useless, as they won’t be able to log in without your phone

kyuktothecore · March 22, 2017, 12:35pm

Mukamba muyinga, life is too short for two-factor authentication bana
https://img.memesuper.com/10d0c3567f4726aec071089f110d1344_a0ed68c2b414e58e131e7fa1c7ac66-aint-nobody-got-time-for-that-memes_480-360.jpeg

vuja_de · March 22, 2017, 12:38pm

Meffi ulipeleka wapi @unicorn

kyuktothecore · March 22, 2017, 12:41pm

Aliogopa kuambukizwa peasantry akajitoa.

123tokambio · March 22, 2017, 3:45pm

Kabisa, kativoi mjanja

moneyguy · March 23, 2017, 2:15pm

Remember to use a dumb phone with 2FA. Smartphone texts can be intercepted by AITM attacks

WuTang · March 23, 2017, 2:27pm

Kwanza email mtu anatumia for paypal na online banking ziko vulnerable sana.

moneyguy · March 23, 2017, 2:32pm

There are toolkits designed for this purpose specifically.
[ol]
[li]ION: kaspersky will have some interesting stuff on April 6 can’t wait. [/li][/ol]

katwitwi · March 23, 2017, 3:46pm

sasa izi jargon za IT ni za nini…use simpler terms buana…

katwitwi · March 23, 2017, 3:50pm

kev:

C&P
BEWARE…
Users who think they might be affected should update their passwords immediately…
They’re available for purchase on the dark web, with the vendor selling them going by the name ‘SunTzu583’.
According to HackRead, SunTzu583 is asking for $450 for 21,800,969 Gmail accounts, 75% of which supposedly contain decrypted passwords, with the remaining 25% hashed.
SunTzu583 has a separate $200 listing for a further 4,928,888 accounts, which allegedly contain email addresses and clear text passwords.
HackRead says these were stolen as part of LinkedIn, Adobe and Bitcoin Security Forum.

The cybercriminal is also selling 5,741,802 Yahoo accounts, many of which were stolen as part of MySpace, LinkedIn and Adobe hacks, for $250.

However, SunTzu583 has informed potential buyers that “Not all these combinations work directly on Yahoo, so don’t expect that all these email and passwords combinations work on Yahoo.”

Yahoo has been rocked by two of the biggest hacks of all time, and users who think they might be affected should take steps to protect themselves immediately, such as updating their passwords.

You can find out if you’ve been hacked by checking your email address at haveibeenpwned.com.

www.cnet.com
The Gooligan malware attack targeting Android devices has infected more than a million Google accounts and growing by 13,000 new users a day. It affects devices running Android 4 (Jelly Bean, KitKat) and Android 5 (Lollipop), according to Check Point.

Gooligan spreads via apps from third-party app stores and malicious links in phishing attack messages. It downloads a rootkit to steal authentication tokens to breach data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs. It also installs app that can steal your account information to post fake ratings and reviews to raise the profile of these apps.

Has your account been compromised? It’s easy to check to find out.

[SIZE=4]Check your account at Check Point[/SIZE]
Head to the Check point website and enter your email address. It will immediately let you know if your account has been breached.

haveibeenpwned.com . harafu nimecrick “notify me when am breached”
kuna shida?

moneyguy · March 23, 2017, 3:56pm

2FA -two factor authentication
AITM -App In The Middle (rogue app registers itself as the handler for an sms, it reads the text and deletes it without phone user interaction.