Russia's largest SNS is hacked and 100 million passwords are leaked as plaintext without being encrypted

ByAutomobile Italia

Russia's largest social networking service "VKIs hacked and the password of 100 million accounts is "not encryptedClear textIt leaked out in the state of "It was discovered.

LeakedSource Analysis of VK.com Hack
https://www.leakedsource.com/blog/vk


VK: 100 mn passes stolen from Russia's biggest social network
https://thestack.com/security/2016/06/06/vk-100-million-clear-text-passwords-stolen/


There seems to be more than 280 million users in VK which is a popular SNS in Russia, but the password of 1054,934 accounts, which is more than one third of them, is in an unencrypted state It was revealed that it leaked out on the Internet. The fact that the password of the VK leaked is building a database of security related data that leaked informationLeakedSourceIt is clear on the blog.

LeakedSource is a site that stores information such as password leaked information and ID as a searchable database, and it is said that more than 1.8 billion data is kept. In addition, LeakedSource seems to respond to deletion correspondence of the data kept for free if requested. However, LeakedSource automates the function to delete information from the database, and it seems that it is impossible to immediately delete the data even if there is a request.

Since the password of the VK account leaked this time is stored as unencrypted clear text, it took several days to deal with the deletion is "shocking fact when considering the size of LeakedSource's community" Handle security related newsThe StackSays.

ByGlobal Panorama

According to LeakedSource, "Data leaked is a mail address, user's first and last name, address, telephone number, unencrypted password, and some users have spare email addresses leaked." In addition, it says that "[email protected]" is the user who told LeakedSource that the account information of VK is leaked.

In addition, LeakedSource publishes the top 55 of domains of passwords and e - mail addresses frequently used in VK, along with the numbers used. The password most frequently used is "123456", and 700 thousand times out of about 100 million outflow passwords used this password. This is equivalent to about 0.7% of about 100 million accounts that flowed out.

The password · top 55 which was used frequently among the leaked passwords are as follows. The numbers in parenthesis indicate the number of accounts using passwords.

01:123456 (70, 9067)
02:123456789 (41 6591)
03:Qwerty (291,645)
04:111111 (189151)
05:1234567890 (156,614)
06:1234567 (14, 1620)
07:12345678 (107,000)
08:123321 (90,348)
09:000000 (90, 0001)
Ten:123123 (80,461)
11:7777777 (80, 7022)
12:Qwertyuiop (7,726)
13:666666 (70, 7048)
14:123 qwe (68,800)
15:555555 (66,088)
16:Zxcvbnm (60,466)
17:1 q 2 w 3 e (62, 0003)
18:Gfhjkm (53,386)
19:Qazwsx (50, 6465)
20:1 q 2 w 3 e 4 r (55,251)
twenty one:654321 (51,680)
twenty two:987654321 (50 0 0 06)
twenty three:121212 (44,652)
twenty four:Zxcvbn (44,299)
twenty five:777777 (42,279)
26:1 q 2 w 3 e 4 r 5 t (40, 1141)
27:Qazwsxedc (33,287)
28:123456a (37,811)
29:112233 (30 6795)
30:Qwe 123 (36,447)
31:Ghbdtn (36302)
32:Polniy Pizdec 0211 (33,236)
33:159753 (30,239)
34:123456q (32,223)
35:Asdfgh (31,722)
36:1111111 (31,621)
37:Samsung (30,544)
38:Qweasdzxc (30,445)
39:Qwertyu (19,535)
40:1234 q wer (20, 9132)
41:11111111 (28904)
42:222222 (28,881)
43:Asdfghjkl (21,875)
44:1 qaz 2 ws x (28,142)
45:Qweqwe (20, 7045)
46:1111111111 (26,826)
47:123654 (25,547)
48:Marina (24,309)
49:123123123 (21,476)
50:0987654321 (23, 3749)
51:12345q (23,673)
52:999999 (23,464)
53:Qwerty 123 (20,237)
54:123456789 a (20 2749)
55:12345 a (22 2730)

Domain tops 55 of e-mail addresses frequently used among leaked account information are as follows.

01:@ Mail.ru (41.1152524)
02:NONE (21.87 million 7927)
03:@ Yandex.ru (11.6 million 4169)
04:@ Rambler.ru (741,6993)
05:@ Bk.ru (218 3690)
06:@ Gmail.com (233 3429)
07:@ List.ru (1.586503)
08:@ Ukr.net (1.5 million 9641)
09:@ Inbox.ru (1,141,841)
Ten:@ Yahoo.com (586902)
11:@ I.ua (523,155)
12:@ Hotmail.com (522,182)
13:@ Ya.ru (570,810)
14:@ Bigmir.net (41 3599)
15:@ Yandex.ua (319155)
16:@ Meta.ua (3008771)
17:@ Tut.by (22 7743)
18:@ E - mail.ru (14,7319)
19:@ Pochta.ru (13,8758)
20:@ Qip.ru (120 3094)
twenty one:@ Inbox.lv (100,3610)
twenty two:@ Vkontakte.ru (100 5614)
twenty three:@ Yndex.ru (94,443)
twenty four:@ E1.ru (80,481)
twenty five:@ Meil.ru (80,260)
26:@ Ngs.ru (82,220)
27:@ Email.ru (79,524)
28:@ Sibmail.com (70, 1916)
29:@ Mai.ru (70, 1692)
30:@ Spaces.ru (70, 1008)
31:@ Km.ru (70,000)
32:@ Gmail.ru (64,441)
33:@ Ua.fm (60,000)
34:@ Abv.bg (50, 6825)
35:@ Narod.ru (50, 5076)
36:@ Mail.com (53,297)
37:@ Live.ru (52,698)
38:@ Web.de (50,339)
39:@ Ro.ru (49454)
40:@ E - mail.ua (45 thousands)
41:@ Online.ua (44,118)
42:@ Mail.ry (44,043)
43:@ Nm.ru (30 5446)
44:@ Gala.net (30,413)
45:@ Gmx.de (30,535)
46:@ Seznam.cz (31,700)
47:@ Mail.ua (30, 1143)
48:@ Email.ua (30, 0001)
49:@ Pisem.net (30,000 0044)
50:@ Live.com (27,386)
51:@ Il.ru (20 6947)
52:@ Voliacable.com (25,347)
53:@ Aport.ru (20, 4104)
54:@ Hotbox.ru (23,336)
55:@ Mail.by (22,556)