A random sample showed that 92 out of 100 (!) accounts were valid
LeakedSource, a service that monitors and analyzes data leaks, reported that data on about 100 million accounts of the social network "Vkontakte" has leaked online. The data has not been posted for free access; it is being sold. It was put up for sale by a hacker with the nickname Peace.
Experts who analyzed the leak report that the database contains 100,544,934 records. These include not only logins and passwords, but also names, email addresses, and phone numbers of users. All of this is being sold for only 1 Bitcoin, about $570 at the current rate. The lot is for sale on the dark web, on one of the marketplaces.
As for the copy of the database obtained by LeakedSource, it was provided by the user Tessa88. According to the hacker Peace, the user database was obtained by hacking the social network. The hack was carried out between 2011 and 2013, which explains the lack of a phone number next to the username in the database. As mentioned above, the validity of the database is high: a random sample showed that 92 out of 100 records were correct.
Interestingly, Peace is the nickname used by the attacker who sold millions of MySpace accounts. At the end of May, data from more than 400 million accounts of that social network appeared online.
An analysis of the account passwords showed that users most often set the number 123456 as their password.
No. | Password | Frequency |
1 | 123456 | 709,067 |
2 | 123456789 | 416,591 |
3 | qwerty | 291,645 |
4 | 111111 | 189,151 |
5 | 1234567890 | 156,614 |
6 | 1234567 | 141,620 |
7 | 12345678 | 107,799 |
8 | 123321 | 93,048 |
9 | 000000 | 91,981 |
10 | 123123 | 89,461 |
11 | 7777777 | 87,022 |
12 | qwertyuiop | 77,256 |
13 | 666666 | 77,048 |
14 | 123qwe | 68,800 |
15 | 555555 | 66,208 |
16 | zxcvbnm | 64,066 |
17 | 1q2w3e | 62,903 |
18 | gfhjkm | 57,386 |
19 | qazwsx | 56,465 |
20 | 1q2w3e4r | 55,251 |
21 | 654321 | 51,680 |
22 | 987654321 | 50,306 |
23 | 121212 | 44,652 |
24 | zxcvbn | 44,209 |
25 | 777777 | 42,279 |
26 | 1q2w3e4r5t | 41,141 |
27 | qazwsxedc | 39,287 |
28 | 123456a | 37,611 |
29 | 112233 | 36,795 |
30 | qwe123 | 36,447 |
31 | ghbdtn | 36,302 |
32 | PolniyPizdec0211 | 33,236 |
33 | 159753 | 32,939 |
34 | 123456q | 32,123 |
35 | asdfgh | 31,722 |
36 | 1111111 | 31,621 |
37 | samsung | 31,544 |
38 | qweasdzxc | 30,459 |
39 | qwertyu | 29,354 |
40 | 1234qwer | 29,132 |
41 | 11111111 | 28,904 |
42 | 222222 | 28,881 |
43 | asdfghjkl | 28,175 |
44 | 1qaz2wsx | 28,142 |
45 | qweqwe | 27,045 |
46 | 1111111111 | 26,826 |
47 | 123654 | 25,947 |
48 | marina | 24,309 |
49 | 123123123 | 24,176 |
50 | 0987654321 | 23,749 |
51 | 12345q | 23,673 |
52 | 999999 | 23,464 |
53 | qwerty123 | 22,937 |
54 | 123456789a | 22,749 |
55 | 12345a | 22,730 |
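A defensive use of a frequency table like the one above is a sign-up or password-change check that rejects the most common breached passwords. The following is an added example, not part of the original article; the function names, the 8-character minimum and the shortened denylist are assumptions, and it also maps keystrokes between the QWERTY and Russian ЙЦУКЕН layouts, since entries such as gfhjkm and ghbdtn are the Russian words "пароль" (password) and "привет" (hello) typed with the Latin layout active.

```python
# Added example: screen new passwords against breach-derived common passwords.
# Shortened sample denylist: a few entries copied from the frequency table above.
COMMON = {"123456", "123456789", "qwerty", "111111", "1q2w3e4r",
          "gfhjkm", "ghbdtn", "samsung", "marina", "qwerty123"}

# Same physical keys on the QWERTY and the standard Russian (ЙЦУКЕН) layouts.
LAT = "qwertyuiop[]asdfghjkl;'zxcvbnm,."
CYR = "йцукенгшщзхъфывапролджэячсмитьбю"
TO_CYR = str.maketrans(LAT, CYR)
TO_LAT = str.maketrans(CYR, LAT)


def variants(password):
    """Forms of the password that should all hit the same denylist entry."""
    p = password.strip().lower()
    # Typed in Cyrillic -> Latin keystrokes, and the reverse, so that
    # "пароль" and "gfhjkm" are treated as the same weak password.
    return {p, p.translate(TO_LAT), p.translate(TO_CYR)}


def screen(password, denylist=COMMON, min_len=8):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    if len(password) < min_len:          # min_len=8 is an assumed policy value
        reasons.append("too_short")
    if variants(password) & denylist:
        reasons.append("common_password")
    elif len(set(password)) == 1:        # e.g. 000000, 7777777 style entries
        reasons.append("single_repeated_char")
    return reasons


def layout_decoded(password):
    """What the keystrokes spell on the Russian layout (for reporting)."""
    return password.lower().translate(TO_CYR)


if __name__ == "__main__":
    for candidate in ["Gfhjkm", "пароль", "1q2w3e4r", "aaaaaaaaaa",
                      "correct horse battery"]:
        print(candidate, screen(candidate))
```

In production the denylist would be the full breach-derived list rather than this sample, and the check belongs on the server side of registration and password change.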
Among the e-mail addresses, those at mail.ru were the most common.
No. | E-mail domain | Frequency |
1 | @mail.ru | 41,132,524 |
2 | e-mail not specified | 21,877,927 |
3 | @yandex.ru | 11,604,169 |
4 | @rambler.ru | 7,416,993 |
5 | @bk.ru | 2,183,690 |
6 | @gmail.com | 2,033,429 |
7 | @list.ru | 1,586,503 |
8 | @ukr.net | 1,509,641 |
9 | @inbox.ru | 1,411,841 |
10 | @yahoo.com | 586,902 |
11 | @i.ua | 523,155 |
12 | @hotmail.com | 522,182 |
13 | @ya.ru | 518,710 |
14 | @bigmir.net | 413,599 |
15 | @yandex.ua | 319,155 |
16 | @meta.ua | 308,771 |
17 | @tut.by | 227,743 |
18 | @e-mail.ru | 147,319 |
19 | @pochta.ru | 138,758 |
20 | @qip.ru | 123,094 |
21 | @inbox.lv | 106,310 |
22 | @vkontakte.ru | 105,614 |
23 | @yndex.ru | 94,643 |
24 | @e1.ru | 84,581 |
25 | @meil.ru | 82,608 |
26 | @ngs.ru | 82,202 |
27 | @email.ru | 79,524 |
28 | @sibmail.com | 71,916 |
29 | @mai.ru | 71,692 |
30 | @spaces.ru | 71,008 |
31 | @km.ru | 70,307 |
32 | @gmail.ru | 64,141 |
33 | @ua.fm | 60,568 |
34 | @abv.bg | 56,825 |
35 | @narod.ru | 55,076 |
36 | @mail.com | 53,297 |
37 | @live.ru | 52,698 |
38 | @web.de | 50,339 |
39 | @ro.ru | 49,454 |
40 | @e-mail.ua | 45,403 |
41 | @online.ua | 44,118 |
42 | @mail.ry | 43,043 |
43 | @nm.ru | 35,446 |
44 | @gala.net | 34,613 |
45 | @gmx.de | 34,535 |
46 | @seznam.cz | 31,700 |
47 | @mail.ua | 31,143 |
48 | @email.ua | 30,951 |
49 | @pisem.net | 30,044 |
50 | @live.com | 27,386 |
51 | @il.ru | 26,947 |
52 | @voliacable.com | 25,347 |
53 | @aport.ru | 24,104 |
54 | @hotbox.ru | 23,636 |
55 | @mail.by | 22,556 |
This large-scale leak of Vkontakte user accounts is a continuation of the "May dump", when data from millions of Mail.ru, MySpace, and LinkedIn accounts appeared on the Web. However, in the current case the percentage of valid accounts is much higher, which can probably be explained by the fact that Vkontakte users rarely change their account data. Peace claims that he still has data for about 70 million more Vkontakte accounts, but he is not going to sell them yet.
As for the Mail.ru case, the data that appeared online in May was invalid: more than 99% of the accounts in the database were out of date. “22.56% of the analyzed accounts contain an email address that never existed at all, another 64.27% contain the wrong password, and the database also contains records that are listed without a password at all (0.74%). The remaining 12.42% of accounts are already flagged in Mail.Ru Mail as suspicious (that is, according to our system, there are reasons to believe that they were either hacked or created by a robot) and are blocked. This means that it is impossible to log in to them with a password, and the owner must go through the procedure for restoring access,” the company said in a press release.
But the LinkedIn and MySpace account databases were genuine; these were not ordinary fakes. The data of many accounts in the databases had already been changed, but nevertheless many of the accounts were correct, and it was possible to log in to the respective sites with them.
So far, there are no comments on this incident from Vkontakte.