A hacker named Peace (or Peace_of_mind) has put on sale around 100,544,934 records on The Real Deal Dark Web marketplace for a price of 1 Bitcoin (around $570). These records are supposedly obtained from the Russian-based social networking website VK.com. Peace (or Peace_of_mind) is the same hacker who had earlier sold dump data from various big sites like Tumblr, MySpace, LinkedIn, and Fling.com.
LeakedSource, a data breach search engine service has analyzed the dump data set sold by this hacker after obtaining it from one of the buyers. It has even added it to its services so that you can use your search engine to check whether your data was also compromised.
Surprisingly, experts reveal that VK.com stored the passwords in cleartext. If big sites like VK.com store the passwords in cleartext, then the situation is really alarming.
After analyzing the data dump, experts reveal that it mostly contained information such as email addresses, first and last name of users, location information like home address, telephone numbers, sometimes a secondary email, etc. Interestingly, in all cases, passwords were revealed in the cleartext.
Experts still don’t have any clue when VK.com was hacked but these social networking sites need to adopt the latest Web security policies for the sake of their users. Storing passwords in cleartext is totally unacceptable.
Here is the list of the top 25 most popular passwords and top 25 most popular email domains as analyzed from the leaked data.