Lately, Dark Web marketplace is being a sale store for the personal information and credentials of many Google and Yahoo accounts.

Same as deep web, dark web does require particular software, configuration or authorization to access it and is not operated by search engines as google or other websites do.

Huge franchises offering online services are used as a source by dark web marketplaces to steal user data which is then used for trading. The dark web has also become a popular source for trading illegitimate goods and services.

100,000 yahoo accounts are reported to be sold by a seller using handle ‘SunTzu583’, who sold 43 million Last.fm account for 0.0079 BTC ($10.75) in 2012.

SunTzu583 is also involved in selling 500,000 Gmail accounts for 0.0219 bitcoins ($28.24). 2008 MySpace hack, the 2013 Tumblr breach, and the 2014 Bitcoin Security Forum breach are said to be the source of these accounts.

According to a report by HackRead, from 153 million accounts of 2013 Adobe Breach 145,000 yahoo accounts and 360 million accounts of 2008 MySpace are compromised for an offer of 0.0102 bitcoins ($13.75).

From data breaches that took place between 2010 and 2016, some 450,000 other Gmail accounts were also on sale list for bitcoins ($25.74) which includes data breaches from Dropbox and Adobe also.

As reported, the data on sale by SunTzu583 has been checked by matching it to data on data breach notification platforms, including HaveIBeenPwned.

According to penetration testers, the enterprise security is prone to great risk as many people are still using the same password for their personal accounts and work systems.

Attackers are successful in logging in as authorized users in corporate networks by using automation tools which if matched, enables them to try a combination of passwords, email address and username against corporate IT system. This gives them chance to look for data assets undetected by most security controls.

Big security risks could vanish if two-factor authentication and require password changes is implemented but many businesses are unable to do this.

A report was given by mobile identity firm TeleSign in June 2016, 73% of online accounts have duplicate passwords, 53% are those who use five or fewer passwords for their all online accounts. The report also states that 47% of online account holders are using the same password for five years.

However, security advisors suggest the users keep strong and unique passwords which should be changed regularly for all the accounts.