SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
6 Jun 2016

100 million VK.com accounts stolen by hackers

Accounts for over 100 million users of popular social media site VK.com are being traded on the digital underground.

Breach notification site LeakedSource obtained the data and published an analysis on Sunday. The hacker known as Peace, meanwhile, listed the data for sale on a dark web marketplace.

VKontakte, heavily inspired by Facebook, is particularly popular in Russia, and has all the same features one might expect, including messaging, profiles, photo galleries, like buttons, and more. The site was founded by Pavel Durov, who sold his stake in VK and created the messaging app Telegram. As of 2014 VK had 100 million users. Peace provided experts with a dataset containing a total of 100,544,934 records, and LeakedSource provided a smaller sample for verification purposes. The data contains first and last names, email address, phone numbers and passwords.

According to Peace, the passwords were already in plain text when the site was hacked, and were not cracked at a later date. Peace is selling the data for 1 bitcoin, or around $570 at today's exchange rates. Out of 100 randomly selected email addresses from the larger dataset, 92 corresponded to active accounts on the site. A Russian friend confirmed that the password was correct. 

While many of phone numbers were genuine, not all of users had numbers listed. At the time of writing, a phone number is required upon registration, but that was not always the case. Indeed, according to Peace, the site was hacked sometime between 2011 and 2013, although exactly when is unclear. Peace claimed to have access to another 71 million accounts, but decided not to sell them yet.

LeakedSource wrote on its blog that the data was provided by someone who used the alias “Tessa88.” This is the same pseudonym that came up around the recent proliferation of user data from MySpace. According to LeakedSource's analysis, the most popular password in the dataset was “123456,” with 709,067 appearances. Many other passwords were predictable, including “qwerty,” “123123,” and “qwertyuiop.”

The vast majority of email addresses, according to LeakedSource, use the “@mail.ru” domain, with 41,132,524. Other Russian services dominate the list of top email domains. Neither Durov from Telegram nor the press contact for VK replied to a request for comment.

The lesson: Huge datadumps of email addresses and passwords continue to surface. Again, the main lesson from all of these hacks is that users have to create a unique password for every site. This shouldn't be seen as a fancy, additional security step, but a fundamental one to stop hackers getting into different accounts. When the most popular sites on the internet, and the ones that hold our most personal information, are being breached, proper password use is a must.

Tags:
Vkontakte information leaks Russia hackers
Source:
Motherboard
2852
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015