
More than 25 million accounts of mail.ru gaming forums have been stolen by intruders



By exploiting a SQL injection vulnerability in old versions of vBulletin, unknown attackers stole data for 12.8 million cfire.mail.ru accounts, 8.9 million parapa.mail.ru accounts and 3.2 million tanks.mail.ru accounts.


The leaked data has been published on the LeakedSource site, together with figures for how many of the password hashes have already been cracked:


Subdomains belonging to mail.ru were hacked in August of 2016.

Specifically they are:
cfire.mail.ru - 12,881,787 users, 6,226,196 passwords cracked at the time of this post.
parapa.mail.ru (main game) - 5,029,530 users, 3,329,532 passwords cracked at the time of this post.
parapa.mail.ru (forums) - 3,986,234 users, 2,907,572 passwords cracked at the time of this post.
tanks.mail.ru - 3,236,254 users, 0 passwords cracked at the time of this post.

Through the breach the attackers obtained user names, dates of birth, e-mail addresses and password hashes. Some of the databases also contained users' IP addresses and phone numbers.


According to the LeakedSource leak aggregator, some of the passwords were hashed with MD5, which by today's standards is no real protection: MD5 is fast enough that the hashes of common passwords are recovered almost immediately by a dictionary attack on ordinary hardware.


Top 20 passwords among the cracked hashes:

Rank  Password      Count
  1   123456789     263,347
  2   12345678      201,977
  3   123456         89,756
  4   1234567890     89,497
  5   qwertyuiop     32,584
  6   123123123      31,268
  7   11111111       30,827
  8   1q2w3e4r5t     30,087
  9   1q2w3e4r       27,399
 10   987654321      23,387
 11   qazwsxedc      20,748
 12   qweasdzxc      19,039
 13   1234qwer       18,434
 14   12344321       17,488
 15   1111111        16,372
 16   88888888       14,651
 17   1qaz2wsx       14,487
 18   1234554321     14,262
 19   qwertyui       14,187
 20   123123         13,892

Users do not change their habits and use simple passwords on most services: the top 20 by frequency roughly match those found in the leaked database of 100 million Vkontakte accounts.
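As an added illustration of why MD5 password storage is called unreliable above, and of how "cracked" counts like those in the table arise, here is a dictionary attack with the page's top-20 list against a constructed sample dump, run once against unsalted MD5 and once against salted, iterated PBKDF2. This is example code written for this page, not code from the original article or from LeakedSource; the account names, their passwords and the iteration count are assumptions made for the demo.

```python
import hashlib
import os

# The 20 most common passwords from the leak table on this page, used as a tiny
# attacker dictionary (real cracking runs use wordlists of hundreds of millions).
TOP20 = [
    "123456789", "12345678", "123456", "1234567890", "qwertyuiop",
    "123123123", "11111111", "1q2w3e4r5t", "1q2w3e4r", "987654321",
    "qazwsxedc", "qweasdzxc", "1234qwer", "12344321", "1111111",
    "88888888", "1qaz2wsx", "1234554321", "qwertyui", "123123",
]

# Constructed sample accounts (hypothetical, not from the real leak). A real dump
# holds only the stored digests; plaintexts are listed here so the example can
# build both storage formats from the same data.
SAMPLE_ACCOUNTS = {
    "alice": "123456789",
    "bob": "qazwsxedc",
    "carol": "1qaz2wsx",
    "dave": "123456789",          # same password as alice
    "erin": "Tr0ub4dor&3-unique",  # not in the dictionary
}

# Deliberately low so the demo runs in well under a second; production deployments
# use far more iterations, or bcrypt/scrypt/Argon2 instead of PBKDF2.
PBKDF2_ITERATIONS = 10_000


def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest, the way many old forum engines stored passwords."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_hex(password: str, salt: bytes) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256 hex digest."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    ).hex()


# Storage format 1: user -> md5(password)
UNSALTED_DUMP = {user: md5_hex(pw) for user, pw in SAMPLE_ACCOUNTS.items()}

# Storage format 2: user -> (salt_hex, pbkdf2(password, salt)), random 16-byte salt per user
SALTED_DUMP = {}
for _user, _pw in SAMPLE_ACCOUNTS.items():
    _salt = os.urandom(16)
    SALTED_DUMP[_user] = (_salt.hex(), pbkdf2_hex(_pw, _salt))


def crack_unsalted(dump: dict, wordlist: list) -> tuple:
    """Dictionary attack on unsalted MD5.

    Each word is hashed once and the resulting table is matched against every
    account, so the cost is len(wordlist) MD5 calls no matter how many accounts
    the dump holds, and identical passwords fall together.
    Returns (cracked {user: password}, number of hashes computed).
    """
    table = {md5_hex(word): word for word in wordlist}
    cracked = {user: table[digest] for user, digest in dump.items() if digest in table}
    return cracked, len(wordlist)


def crack_salted(dump: dict, wordlist: list) -> tuple:
    """Same dictionary against per-user salted PBKDF2.

    A precomputed table is useless here: every (salt, word) pair must be hashed
    separately, so the work scales with accounts * words, and each hash costs
    thousands of MD5-equivalents. Weak passwords still fall, just more slowly.
    Returns (cracked {user: password}, number of hashes computed).
    """
    cracked = {}
    work = 0
    for user, (salt_hex, digest) in dump.items():
        salt = bytes.fromhex(salt_hex)
        for word in wordlist:
            work += 1
            if pbkdf2_hex(word, salt) == digest:
                cracked[user] = word
                break
    return cracked, work


if __name__ == "__main__":
    for name, func, dump in (
        ("unsalted MD5", crack_unsalted, UNSALTED_DUMP),
        ("salted PBKDF2", crack_salted, SALTED_DUMP),
    ):
        found, work = func(dump, TOP20)
        print(f"{name}: cracked {len(found)}/{len(dump)} accounts with {work} hash computations")
        for user, pw in sorted(found.items()):
            print(f"  {user}: {pw}")
```

Both runs recover the same four accounts: a salt and a slow hash do not rescue "123456789", they only remove the hash-once-match-millions shortcut and make every guess expensive. The only defence against the passwords in the table above is to refuse them at registration, for example by checking new passwords against published breach lists.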


The *.mail.ru subdomains (games, various other services and so on) are not part of the Mail.ru e-mail service's functionality and are unrelated to it apart from the e-mail address itself.



Source: https://habr.com/ru/post/308466/

