Ten other websites also hacked, mainly via vBulletin forums

Aug 24, 2016 18:45 GMT

Data breach index service LeakedSource has added a slew of new hacked websites to its database, including over 25 million user records from three compromised Mail.ru communities.

The three communities are cfire.mail.ru (Cross Fire game), parapa.mail.ru (ParaPa Dance City game), and tanks.mail.ru (Ground War: Tank game).

All data dumps came from hacked vBulletin forums

All communities were running older vBulletin forum software that was compromised and allowed hackers access to the underlying data. LeakedSource obtained copies of this stolen data, which it added to its database.

The data dumps include usernames, emails, and passwords, along with other types of user details collected on each forum, based on the community's profile. None of the hacked communities stored passwords according to modern security standards. LeakedSource has started the password cracking process.

If you're wondering why LeakedSource is doing this, the company provides an API for businesses based on all the data breaches it indexes. Companies can compare LeakedSource data against their own user databases and forcibly change passwords for accounts that might have had their password exposed via breaches on other websites.

27,449,088 user records compromised from all services

According to LeakedSource, the cfire.mail.ru data dump contained 12,881,787 user records, of which LeakedSource managed to crack the passwords for over 6.2 million accounts.

The parapa.mail.ru data dump contained the databases of both the user forum and the game database itself. There were details for 5,029,530 users in the main game database (over 3.2 million passwords already cracked) and data for 3,986,234 users in the forum database (over 2.9 million cracked).

In the tanks.mail.ru data dump, LeakedSource said it found details for 3,236,254 users but has not gotten around to cracking their passwords.

Besides these three dumps, the company also announced ten more breaches, all from vBulletin forums: expertlaw.com (190,938 users), ageofconan.com (433,662 users), anarchy-online.com (75,514 users), freeadvice.com (487,584 users), amesforum.com (109,135 users), longestjourney.com (11,951 users), ppcgeeks.com (490,004 users), thesecretworld.com (English forum - 227,956 users), thesecretworld.com (French forum - 143,935 users), and thesecretworld.com (German forum - 144,604 users).

LeakedSource: Expect more breaches

A LeakedSource spokesperson told Softpedia that all these websites were hacked and had their data stolen in August, with one in July. He also told Softpedia that they'll be adding further data dumps to their service from websites compromised via vBulletin installations.

The company also announced on its blog that it reached the 2 billion user records milestone with these recent dumps, and teased some upcoming breaches from the crypto-currency space.

Below is a list of the most common user passwords from the Mail.ru breach. "Not a single website used proper password storage, they all used some variation of MD5 with or without unique salts," LeakedSource said. "We thought the passwords used by the *.mail.ru communities were comical."

UPDATE [August 25, 2016]: Softpedia reached out to Mail.ru prior to the article's publication. Mail.ru provided the following information regarding the recent data breaches:

  The passwords mentioned by LeakedSource are no longer valid. They are old passwords to the forums of game projects that Mail.Ru Group acquired over the years. All Mail.Ru Group’s forums and games have been using a secure integrated authorization system for a long time by now. These passwords have never been related to email accounts and other services of the company in any way.  

 
Rank Password Frequency
1 123456789 263,347
2 12345678 201,977
3 123456 89,756
4 1234567890 89,497
5 qwertyuiop 32,584
6 123123123 31,268
7 11111111 30,827
8 1q2w3e4r5t 30,087
9 1q2w3e4r 27,399
10 987654321 23,387
11 qazwsxedc 20,748
12 qweasdzxc 19,039
13 1234qwer 18,434
14 12344321 17,488
15 111111 16,372
16 88888888 14,651
17 1qaz2wsx 14,487
18 1234554321 14,262
19 qwertyui 14,187
20 123123 13,892
21 789456123 13,753
22 12345678910 13,568
23 00000000 13,548
24 123456789a 12,828
25 1234567 12,582
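
LeakedSource's remark that every site used "some variation of MD5 with or without unique salts" points at the defensive fix: move stored passwords to a salted, memory-hard KDF and refuse the passwords in the table above. The Python below is an added example, not code from Softpedia, LeakedSource, Mail.ru or vBulletin; the md5(md5(password) + salt) layout, the record format and all function and field names are assumptions made for illustration, and the blocklist is a constructed sample drawn from the table.

```python
import hashlib
import hmac
import os

# Constructed blocklist: a few entries taken from the frequency table above.
COMMON_PASSWORDS = {"123456789", "12345678", "123456", "qwertyuiop", "1q2w3e4r5t"}
MAXMEM = 64 * 1024 * 1024  # memory ceiling handed to OpenSSL's scrypt

def legacy_md5(password: str, salt: str = "") -> str:
    # Assumed legacy scheme, for illustration only: md5(md5(password) + salt).
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def scrypt_record(password: str) -> str:
    # Per-user random salt plus a memory-hard KDF; parameters travel with the hash.
    salt = os.urandom(16)
    n, r, p = 2**14, 8, 1
    dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                        maxmem=MAXMEM, dklen=32)
    return f"scrypt${n}${r}${p}${salt.hex()}${dk.hex()}"

def verify_scrypt(password: str, record: str) -> bool:
    _, n, r, p, salt_hex, dk_hex = record.split("$")
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p),
                        maxmem=MAXMEM, dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk.hex(), dk_hex)

def login(user: dict, password: str) -> bool:
    """Verify a login; on success, replace a legacy MD5 record with scrypt."""
    if user["hash"].startswith("scrypt$"):
        return verify_scrypt(password, user["hash"])
    expected = legacy_md5(password, user.get("salt", ""))
    if not hmac.compare_digest(expected, user["hash"]):
        return False
    user["hash"] = scrypt_record(password)  # upgrade while the plaintext is in hand
    user.pop("salt", None)                  # the new salt lives inside the record
    user["must_change"] = password in COMMON_PASSWORDS
    return True

def acceptable_new_password(password: str) -> bool:
    # Reject short passwords and anything on the breached-password blocklist.
    return len(password) >= 8 and password not in COMMON_PASSWORDS
```

Accounts that never log in again keep their MD5 record under this scheme, so dormant legacy hashes still need to be invalidated or wrapped separately.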