[Updated w/ Official Response] 98m Plaintext Passwords Leaked Thanks to Russia’s Yahoo
In our now-routine data breach posts, today we are looking at Russia’s biggest internet portal and email provider. Breached in 2012, hackers have now leaked data of nearly 100 million users of Rambler.ru.
Rambler.ru stored passwords with no encryption
Known as Russia’s Yahoo, this is yet another major breach from 2012 that has now resurfaced. LeakedSource has revealed that it has received a copy of the February 2012 dump of user database of Rambler.ru. Rambler is a Russian news, search and e-mail portal. The data dump includes usernames, passwords, ICQ instant messaging numbers, social account details, and some internal data of over 98 million users.
The data set that LeakedSource has acquired contains details of 98,167,935 users. The site was originally hacked into on 17 February 2012, but went unreported. While many previous data dumps that we have seen so far in this year had at least some of the encryption of passwords, Rambler. Ru passwords are in plaintext. Since the portal stored passwords in cleartext, hackers have had complete and instant access to email accounts of all Rambler-ru users. This is similar to VK.com breach, which also gave instant access of 171 million user passwords to hackers. Again a Russian website, the social networking site also stored passwords in plain text format.
Weak password saga continues
The latest database also confirms the dangerous habits of using weak passwords. Rambler database revealed that 723,039 accounts had “asdasd” as their password. “asdasd123” was the second most popular password with half a million users. These are followed by the numerical sequences, such as 123456, 00000, 654321, 123123, and so on.
While LinkedIn, Last.fm and other similar accounts may not always carry critically personal information about users, this is an email service we are talking about here. Using weak passwords for services with high level of private data is always a dangerous news. Considering the lack of response from Rambler.ru, there might have been a number of accounts who could have been targeted with malware, ransomware or even caught up in identity theft cases.
LeakedSource has added the data into its database. Users can now check if they have been compromised using the site’s search engine. Rambler. Ru has yet to comment on the breach.
Update: Rambler & Co Group’s response to the breach
We have received the following response from Rambler & Co via email. Unlike what LeakedSource had said, Rambler comments that the breach actually happened in March 2014. The Group hasn’t countered the claims of passwords available in plaintext. However, it does say that the company now hashes the passwords. Following is the official statement (emphasis is ours).
We know about that database. It was leaked March 2014 and contained millions of accounts. Right after the accident we forced our users to change their passwords.
Nowadays situation like that is impossible. We do not store passwords in plain text, all data is encrypted (passwords ARE hashed), we have added mobile phone verification option and constantly remind our users about the necessity of changing passwords. We also have forbidden to use the previously used passwords for the same account.