VK.com Hacked: Millions of Accounts With Cleartext Password Revealed

VK.com Hacked: Millions of Accounts With Cleartext Password Revealed

A hacker named Peace (or Peace_of_mind) has put on sale around 100,544,934 records on The Real Deal Dark Web marketplace for a price of 1 Bitcoin (around $570). These records are supposedly obtained from the Russian-based social networking website VK.com. Peace (or Peace_of_mind) is the same hacker who had earlier sold dump data from various big sites like Tumblr, MySpace, LinkedIn, and Fling.com.

VK.com

LeakedSource, a data breach search engine service has analyzed the dump data set sold by this hacker after obtaining it from one of the buyers. It has even added it to its services so that you can use your search engine to check whether your data was also compromised.

Surprisingly, experts reveal that VK.com stored the passwords in cleartext. If big sites like VK.com store the passwords in cleartext, then the situation is really alarming.

After analyzing the data dump, experts reveal that it mostly contained information such as email addresses, first and last name of users, location information like home address, telephone numbers, sometimes a secondary email, etc. Interestingly, in all cases, passwords were revealed in the cleartext.

Experts still don’t have any clue when VK.com was hacked but these social networking sites need to adopt the latest Web security policies for the sake of their users. Storing passwords in cleartext is totally unacceptable.

Here is the list of the top 25 most popular passwords and top 25 most popular email domains as analyzed from the leaked data.

Top 25 Passwords from the VK.com data dump

1 123456 709,067
2 123456789 416,591
3 qwerty 291,645
4 111111 189,151
5 1234567890 156,614
6 1234567 141,620
7 12345678 107,799
8 123321 93,048
9 000000 91,981
10 123123 89,461
11 7777777 87,022
12 qwertyuiop 77,256
13 666666 77,048
14 123qwe 68,800
15 555555 66,208
16 zxcvbnm 64,066
17 1q2w3e 62,903
18 gfhjkm 57,386
19 qazwsx 56,465
20 1q2w3e4r 55,251
21 654321 51,680
22 987654321 50,306
23 121212 44,652
24 zxcvbn 44,209
25 777777 42,279
Rank Email Domain Frequency

Top 25 email domains from the VK.com data dump

1 @mail.ru 41,132,524
2 NONE 21,877,927
3 @yandex.ru 11,604,169
4 @rambler.ru 7,416,993
5 @bk.ru 2,183,690
6 @gmail.com 2,033,429
7 @list.ru 1,586,503
8 @ukr.net 1,509,641
9 @inbox.ru 1,411,841
10 @yahoo.com 586,902
11 @i.ua 523,155
12 @hotmail.com 522,182
13 @ya.ru 518,710
14 @bigmir.net 413,599
15 @yandex.ua 319,155
16 @meta.ua 308,771
17 @tut.by 227,743
18 @e-mail.ru 147,319
19 @pochta.ru 138,758
20 @qip.ru 123,094
21 @inbox.lv 106,310
22 @vkontakte.ru 105,614
23 @yndex.ru 94,643
24 @e1.ru 84,581
25 @meil.ru 82,608
 
 

The post VK.com Hacked: Millions of Accounts With Cleartext Password Revealed appeared first on MobiPicker.

MobiPicker

(139)