VK.com Hacked: Millions of Accounts With Cleartext Passwords Revealed

A hacker named Peace (or Peace_of_mind) has put up for sale around 100,544,934 records on The Real Deal Dark Web marketplace for a price of 1 Bitcoin (around $570). These records were supposedly obtained from the Russia-based social networking website VK.com. Peace is the same hacker who had earlier sold data dumps from various big sites like Tumblr, MySpace, LinkedIn, and Fling.com.

LeakedSource, a data breach search engine service, has analyzed the data set sold by this hacker after obtaining it from one of the buyers. It has also added the data to its service, so you can use its search engine to check whether your data was compromised.

Surprisingly, experts reveal that VK.com stored the passwords in cleartext. If big sites like VK.com store the passwords in cleartext, then the situation is really alarming.

After analyzing the data dump, experts reveal that it mostly contained information such as email addresses, first and last names of users, location information like home address, telephone numbers, sometimes a secondary email, etc. Interestingly, in all cases, passwords were revealed in cleartext.

Experts still don’t have any clue when VK.com was hacked, but social networking sites like this need to adopt the latest Web security policies for the sake of their users. Storing passwords in cleartext is totally unacceptable.

Here is the list of the top 25 most popular passwords and top 25 most popular email domains as analyzed from the leaked data.

Top 25 Passwords from the VK.com data dump

Rank  Password    Frequency
1     123456      709,067
2     123456789   416,591
3     qwerty      291,645
4     111111      189,151
5     1234567890  156,614
6     1234567     141,620
7     12345678    107,799
8     123321      93,048
9     000000      91,981
10    123123      89,461
11    7777777     87,022
12    qwertyuiop  77,256
13    666666      77,048
14    123qwe      68,800
15    555555      66,208
16    zxcvbnm     64,066
17    1q2w3e      62,903
18    gfhjkm      57,386
19    qazwsx      56,465
20    1q2w3e4r    55,251
21    654321      51,680
22    987654321   50,306
23    121212      44,652
24    zxcvbn      44,209
25    777777      42,279
Top 25 email domains from the VK.com data dump

Rank  Email Domain   Frequency
1     @mail.ru       41,132,524
2     NONE           21,877,927
3     @yandex.ru     11,604,169
4     @rambler.ru    7,416,993
5     @bk.ru         2,183,690
6     @gmail.com     2,033,429
7     @list.ru       1,586,503
8     @ukr.net       1,509,641
9     @inbox.ru      1,411,841
10    @yahoo.com     586,902
11    @i.ua          523,155
12    @hotmail.com   522,182
13    @ya.ru         518,710
14    @bigmir.net    413,599
15    @yandex.ua     319,155
16    @meta.ua       308,771
17    @tut.by        227,743
18    @e-mail.ru     147,319
19    @pochta.ru     138,758
20    @qip.ru        123,094
21    @inbox.lv      106,310
22    @vkontakte.ru  105,614
23    @yndex.ru      94,643
24    @e1.ru         84,581
25    @meil.ru       82,608