Russia’s most popular social media website VK was hacked and around 100m user accounts are now up for sale on the dark web. The stolen database posted online includes critical personal information such as names, email addresses, passwords, geolocations and in some cases, even phone numbers.
The pseudonymous hacker Peace listed the stolen database on the dark web and is selling the data for 1 Bitcoin or $570. VK, which is considered to be Russia’s answer to Facebook, was previously known as VKontakte and was founded by Pavel Durov, who later sold VK to Russian email provider Mail.ru in 2014, only to create the encrypted messaging app Telegram.
The breach notification website LeakedSource has acquired the data, which was provided to them by a user going by the alias Tessa88. This alias has also been connected to the recent major breaches suffered by MySpace and LinkedIn, indicating that the same hacker/hacker group may have had a hand in the recent string of high-profile data breaches.
According to a report by Motherboard, the hacker claimed that the passwords were in plain text at the time of the hack and have not been cracked later.
Peace also claimed that the website was originally hacked between 2011 and 2013, although it is still unclear as to the exact date and time of the breach. The hacker has also allegedly accessed an additional 71 million accounts but has decided to hold on to the data for the time being.
LeakedSource’s analysis of the data revealed that the most popular password used by VK users was “123456”, which was used by over 700,000 users. Among the other commonly used passwords were the predictable “qwerty”, “123123” and “111111”. LeakedSource also uncovered that of all the email addresses leaked on the database, Mail.ru domain dominated the list with over 41,000,000 users, while most others belonged to other Russian email providers.
According to VK’s app development page, the St Petersburg-based social media site has over 170 million active users and is believed to be one of the largest sites in Europe. So far, there has been no confirmation or denial from VK about the hack.