14 DAY TRIAL // Rambler.ru, a website nicknamed Russia's Yahoo, suffered a data breach in 2012 at the hands of unknown hackers, who managed to steal nearly 100 million user records, data breach index service LeakedSource reports.
According to data found inside the Rambler.ru data dump files, the incident took place around February 17, 2012, and included the details of 98,167,935 Rambler.ru users.
LeakedSource claims it received the data from a hacker using the [email protected] Jabber ID. This is the same person who provided LeakedSource with the data dump from another 2012 hack, the Last.fm music streaming service.
Password data stored in plaintext
An analysis of the data shows that, for each user entry, there is a Rambler.ru username, which also doubles as a [email protected] email address, an ICQ number (IM chat service), a password string, and some internal data. A screenshot of the Rambler.ru database schema is attached to this article below.
LeakedSource says that none of the password strings were hashed, being stored in plaintext in the database. This is similar to the VK.com data breach, where passwords were also stored in plaintext, without hashing or salting.
As you'd expect, the most common passwords were extremely easy to brute-force, including terms such as "asdasd," "123456," "000000," "654321," "123321," or "123123."
Leaked Rambler.ru data is valid
LeakedSource asked several journalists, including Softpedia, to assist in verifying the data. The data verification process took several days due to language barriers, so LeakedSource asked for help from local Russian media.
Journalist Maria Nefedova from Xakep.ru was able to verify the data's authenticity. Softpedia's requests for comment from Rambler's management have remained unanswered at the time of writing.
LeakedSource touted more mega breaches in the upcoming weeks. Prior to Rambler.ru, the company received datasets from many other services. These are some of the hacks that came to light in the past month alone, thanks to LeakedSource: BTC-E, BitcoinTalk, Last.fm, Dropbox, Mail.ru, Leet.cc, and Social Blade.
UPDATE: Rambler.ru provided the following statement regarding the resurfaced 2012 data breach:
“ We know about that database. It was leaked March 2014 and contained millions of accounts. Right after the accident we forced our users to change their passwords. Nowadays situation like that is impossible. We do not store passwords in plain text, all data is encrypted (passwords ARE hashed), we have added mobile phone verification option and constantly remind our users about the necessity of changing passwords. We also have forbidden to use the previously used passwords for the same account. ”
