Breaking Gmail, Yahoo and Hotmail’s CAPTCHAs, has been an urban legend for over two years now, with do-it-yourself CAPTCHA breaking services, and proprietary underground tools assisting spammers, phishers and malware authors into registering hundreds of thousands of bogus accounts for spamming and fraudulent purposes.
This post intends to make this official, by covering an underground service offering thousands of already registered Gmail, Yahoo and Hotmail accounts for sale, with new ones registered every second clearly indicating the success rate of their CAPTCHA breaking capabilities at these services.
Monitoring the service for over a month now, revealed that during the period its “inventory of automatically registered email accounts” was emptying itself, then restoring to its current position – in the thousands, with 1 to 2 new accounts registered per second. Moreover, it’s important to point out that compared to situations where scammers are scamming the scammers, these people “deliver the goods” that they promise. Last week, they’ve also started offering Hotmail and Yahoo email accounts, again in the thousands. For the time being, there are 134, 670 Gmail accounts available for purchase, as well as 42,893 Hotmail, and 10,847 Yahoo email accounts. There’s naturally a price discrimination applied, for instance, if you’re buying up to 10k Gmail accounts, the price for 1k would be $6, from 10k to 100k the price drops to $5 for 1k, and if you’re going to buy over 100k accounts, the price would be $4 for 1k.