A hacker has put up for sale 100,544,934 records he claims were stolen from VK.com, a Russian-based social network. This is the same hacker that has previously sold data dumps from MySpace, LinkedIn, Tumblr, and Fling.com.

Named Peace (or Peace_of_mind), the hacker is asking for 1 Bitcoin (~$570) for the entire dataset, which is available for sale on The Real Deal Dark Web marketplace.

Data breach search engine service LeakedSource has got hold of the data from one of the people that bought it. The company has analyzed the dump’s contents and has added it to its service. Users can use their search engine and see if their data was compromised.


VK.com stored passwords in cleartext

According to the company’s experts, the data dump contains information such as email addresses, first name, last name, location information, phone numbers, sometimes a secondary email, and in all cases a cleartext password.

As of now, nobody knows when VK.com was hacked and this data stolen, but if VK.com still stores passwords in cleartext today, this should be a warning sign for its users.

All the LinkedIn, MySpace, and Tumblr breaches are believed to have taken place between 2012 and 2013, when some sites did not practice up to par Web security policies, such as hashing and salting passwords.

Below is a breakdown of the leaked data, with a list of top 25 most popular passwords, top 25 most popular email domains, and a screenshot of Peace’s VK.com listing.

Rank Password Frequency
Top 25 Passwords from the VK.com data dump
1 123456 709,067
2 123456789 416,591
3 qwerty 291,645
4 111111 189,151
5 1234567890 156,614
6 1234567 141,620
7 12345678 107,799
8 123321 93,048
9 000000 91,981
10 123123 89,461
11 7777777 87,022
12 qwertyuiop 77,256
13 666666 77,048
14 123qwe 68,800
15 555555 66,208
16 zxcvbnm 64,066
17 1q2w3e 62,903
18 gfhjkm 57,386
19 qazwsx 56,465
20 1q2w3e4r 55,251
21 654321 51,680
22 987654321 50,306
23 121212 44,652
24 zxcvbn 44,209
25 777777 42,279
Rank Email Domain Frequency
Top 25 email domains from the VK.com data dump
1 @mail.ru 41,132,524
2 NONE 21,877,927
3 @yandex.ru 11,604,169
4 @rambler.ru 7,416,993
5 @bk.ru 2,183,690
6 @gmail.com 2,033,429
7 @list.ru 1,586,503
8 @ukr.net 1,509,641
9 @inbox.ru 1,411,841
10 @yahoo.com 586,902
11 @i.ua 523,155
12 @hotmail.com 522,182
13 @ya.ru 518,710
14 @bigmir.net 413,599
15 @yandex.ua 319,155
16 @meta.ua 308,771
17 @tut.by 227,743
18 @e-mail.ru 147,319
19 @pochta.ru 138,758
20 @qip.ru 123,094
21 @inbox.lv 106,310
22 @vkontakte.ru 105,614
23 @yndex.ru 94,643
24 @e1.ru 84,581
25 @meil.ru 82,608
VK.com listing on the Dark Web

VK.com listing on the Dark Web

Let’s block ads! (Why?)

Related Posts

Facebook Comments

Return to Top ▲Return to Top ▲