100 million credentials from the Russian Facebook VK.com go on sale

100 million login credentials belonging to the users of the Russian social networking platform VK.com (VKontakte) are available for sale on the Dark Web.

Another day another data breach, this time 100 million login credentials belonging to the users of the Russian social networking platform VK.com (VKontakte) are available for sale. Some experts estimate that the number of hacked records could be higher, reaching 170 million accounts.

VK.com is the Russian version of the most popular Facebook, it was created by Pavel Durov, who later left the company to launch the messaging app Telegram. It has been estimated that VK had 100 million users in 2014.

The popular social network was breached by hackers who offered 100 million records for a US$580, of course, the payment is in Bitcoins.

LeakedSource accredits a hacker that called itself “Tessa88” as the seller, the archive is available on The Real Deal black market.

The vast majority of email addresses use Russian services, the “@mail.ru” domain accounts for 41,132,524 followed by @yandex.ru (11,604,169) and @rambler.ru (7,416,993).

Data related to the data breach were analyzed by LeakedSource which received portions of the breached database. The leaked database contains at least 100 million records of VK.com users, each record includes name, user login, and phone number.

“VK.com was hacked. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This database was provided to us by a user who goes by the alias “Tessa88@exploit.im”, and has given us permission to name them in this blog.” reported LeakedSource “This data set contains 100,544,934 records. Each record may contain an email address, a first and last name, a location (usually city), a phone number, a visible password, and sometimes a second email address. “

The same data were provided to MotherBoard by the hackers known as Peace, the same that offered for sale the databases of LinkedIn and MySpace.

“Peace provided Motherboard with a dataset containing a total of 100,544,934 records, and LeakedSource provided a smaller sample for verification purposes. The data contains first and last names, email address, phone numbers and passwords.” states Joseph Cox from MotherBoard.

According to Peace, the passwords were not encrypted when VK.com was breached, the login credentials appear to have stolen in in 2012 or 2013.

It is clear that the availability of so large archive allows hackers to target other platforms searching for users that share same credentials among multiple web services.

Let me close with a rapid mention to the most popular passwords in the dataset analyzed by LeakedSource, I share with you a portion of the table published on its web site.

The password “123456” is the most popular with 709,067 instances, followed by “123456789” and “qwerty,” this is the evidence that users still have no idea of the risks related to the use of weak passwords.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – VK.com, data breach)