Major Russian social networking website VK.com has reportedly been breached by hackers looking to sell some 171 million user accounts for one bitcoin, or USD $580.
A breach of Russian social network VK.com, a Facebook clone, has been reported by LeakedSource, a website that has obtained parts of the breached database.
Of the 171 million user accounts, at least 100 million accounts have users’ data including names, user logins and phone numbers exposed in the cache.
The seller is a hacker who goes by the name ‘Tessa88’, hawking the database on The Real Deal, a darkweb marketplace. The same hacker was also associated with the recent dump of MySpace credentials.
Also read: Is This the Worst Governmental Data Breach, Ever?
The breach is thought to have occurred in 2012 or 2013 and has yet to be validated by the website itself. However, the numbers that turn up in the near 20 GB cache is certainly close to the figures of the social network’s total membership, at the time.
Formerly known as Vkontakte, the Russian social network is now one of the largest in Europe, with over 350 million users according to the most recent figures. The breach, which occurred in late 2012 or early 2013, snagged over 170 million user accounts’ data. At the time, VK’s membership base had just scaled beyond 190 million users. This further adds to the very likely plausibility of the breach of VK’s servers showing to be a legitimate one.
Also read: Hacker Offers Millions of MySpace Passwords and Emails for $2,800
The most common password as ascertained by LeakedSource who combed through the records is, unsurprisingly, “123456”. The most common email addresses also came from email provider mail.ru. VK.com was bought by the Mail.ru group earlier in 2014.
A plethora of major stolen databases as a result of breaches affecting major websites have been revealed in recent times. The stolen databases are often sold and even given away on underground cybercrime forums. While several data clusters are notably fake, the stolen records help criminals with the required information to pass security checks and engage in identity theft. Individuals’ accounts are also accessed as efficient dictionary-based brute force attacks are often successful due to the stolen passwords.
Featured image from Shutterstock.