98 million Rambler.ru accounts surface after 2012 hack

Passwords stored in the clear


St Basil's Cathedral, Red Square, Moscow

Credit: flowcomm

LeakedSource has revealed that 98 million Rambler.ru accounts have surfaced, four years after Russia's version of Facebook was compromised in 2012. The records were shared with the breach notification service by the same person who released the Last.fm database earlier this month.

The compromised Rambler.ru records were added to the LeakedSource database on Monday. Details include username (which is also the person's email address), password (stored in plaintext), ICQ account number, and other internal data.

The contents of the database were verified by a Russian journalist, Maria Nefedova, who had three individuals confirm the details associated with their accounts.

Rambler.ru isn't the only Russian firm to find themselves in LeakedSource's archive – the competition is there too. LeakedSource was the first to report the existence of 171 million compromised VK.com accounts earlier this summer. Moreover, LeakedSource also reported on the existence of millions of compromised mail.ru accounts.

This latest massive dump of compromised credentials is just one of several from 2012 and 2013 that are just now hitting the public. In 2012, Last.fm and LinkedIn had security troubles, and a few months later, MySpace and Tumblr faced similar issues.

It isn't clear why these massive collections of harvested credentials are being dumped to the public years after the fact. Perhaps the criminals have no further use for them. If that's the case, (as @workentin put it on Twitter) what can we expect in 2020 once the four-year shelf life of 2016's breaches has been reached?

In related news, nearly 800,000 Brazzers accounts were exposed, after the popular porn destination was hacked.

The details were revealed by Motherboard after receiving a tip from Vigilante.pw, a breach-monitoring website similar to LeakedSource.

A Brazzers spokesperson said the records match those from an incident in 2012, after a vBulletin vulnerability was exploited on Brazzersforum. Accounts on the main website and the forum were shared out of convenience, the company said.

Update:

In a statement, Rambler.ru said they were aware of the database, as it was leaked in March of 2014. The previous leak contained about 4 million accounts. Their full statement, given when questioned about the LeakedSource report by IDG News, is below.

"We know about that database. It was leaked March 2014 and contained about 4 million accounts.

"Right after the accident we forced our users to change their passwords. Some passwords still might be matched because lots of them as simple as 123456.

"Nowadays situation like that is impossible. We do not store passwords in plain text, all data is encrypted, we have added mobile phone verification option and constantly remind our users about the necessity of changing passwords. We also have forbidden to use the previously used passwords for the same account."
