Thursday, 25 August 2016
0 comments

Mail.ru Forums Hacked Over 25 Million Users Accounts Gets Compromised

Mail.ru Forums Hacked Over 25 Million Users Accounts Gets Compromised


Mail.ru Forums Hacked Over 25 Million Users Accounts Gets Compromised.



Russian Internet company communities cfire.mail.ru (Cross Fire game), parapa.mail.ru (ParaPa Dance City game), and tanks.mail.ru (Ground War: Tank game) forums get hacked. These communities were running on vBulletin forums which are vulnerable to the hack.  


Hackers used SQL vulnerabilities found in unpatched vBulletin forum software, which allows accessing to the database including usernames, email addresses, hash passwords, and their birthdays.

The Leaked source which provides data breaches in an index and exposes 27,449,088 user records compromised from all services data of mail.ru on its website.

According to leaked source,

  • cfire.mail.ru - 12,881,787 users, 6,226,196 passwords cracked at the time of this post.
  • parapa.mail.ru (main game) - 5,029,530 users, 3,329,532 passwords cracked at the time of this post.
  • parapa.mail.ru (forums) - 3,986,234 users, 2,907,572 passwords cracked at the time of this post.
  • tanks.mail.ru - 3,236,254 users, 0 passwords cracked at the time of this post.cfire.mail.ru contained 12,881,787 user records.


Top 50 Passwords of *.mail.ru communities are as follows:

Rank Password Frequency
1 123456789 263,347
2 12345678 201,977
3 123456         89,756
4 1234567890 89,497
5 qwertyuiop 32,584
6 123123123 31,268
7 11111111 30,827
8 1q2w3e4r5t 30,087
9 1q2w3e4r 27,399
10 987654321 23,387
11 qazwsxedc 20,748
12 qweasdzxc 19,039
13 1234qwer 18,434
14 12344321 17,488
15 111111         16,372
16 88888888 14,651
17 1qaz2wsx 14,487
18 1234554321 14,262
19 qwertyui 14,187
20 123123         13,892
21 789456123 13,753
22 12345678910 13,568
23 00000000 13,548
24 123456789a 12,828
25 1234567         12,582
26 87654321 12,333
27 crossfire 12,091
28 0987654321 11,841
29 123321   11,609
30 asdfghjkl 11,395
31 qwerty         11,284
32 1q2w3e4r5t6y 11,021
33 123qweasdzxc 10,757
34 147258369 10,112
35 123654789 9,542
36 12345qwert 9,162
37 123456789q 9,148
38 qwer1234 8,965
39 12341234 8,588
40 qwerty123 8,563
41 q1w2e3r4t5 8,185
42 q1w2e3r4 8,183
43 1111111111 8,118
44 11223344 8,061
45 55555555 7,919
46 1qaz2wsx3edc 7,652
47 741852963 7,427
48 123qweasd 7,280
49 666666         7,263
50 1029384756 6,875

Account users will have to keep strong password rather than  '123456789', which is a weak password.

However, Mail.ru spokesperson says that the leaked password database are no longer valid.

0 comments:

Post a Comment

 
Toggle Footer
Top