A hacker is selling 100 million accounts of the popular Russian social network VK.com. He claims to have a total of 171 million VK hacked accounts information, that would include full names, emails, plain-text passwords and other information such as phone numbers or locations.
It is thought that the hacking of the social network happened sometime around end of 2012 or early 2013. At the moment, the Russian social network, the biggest in Europe, had a bit less than 190 million users, and it is believed that the whole database was retrieved at the time of the attack. Now, this hacker is suspected to have 171 million accounts database, and he is selling 100 million of them on a dark web marketplace. The price for the 17 gigabytes database is 1 bitcoin, around 580 USD.
One of the most surprising facts is that the passwords retrieved by the hackers were in plain text, and were already like that when VK was hacked. It is not clear if the social network still stores the passwords in that unprotected way, but if so, that would mean a major threat for users. Because of this, some sites as LeakedSource, have analyzed the most common passwords on the leaked data. The most common password used by VK hacked users at the time was “123456”, together with “qwerty” and “123456789”, all of them extremely weak and easy to predict.
VK spokesperson stated that those accounts information was collected by fraudsters in 2011-2012, and recommends their users to enable 2-step verification, as well as using a strong password. VK.com is the Russian equivalent to Facebook, and it is the largest social network in Europe, with more than 350 million users. The company has already analyzed the leaked data, and offers its users the possibility to know if their accounts have been affected, using its search engine.
If you are a VK user, you should be taking action as soon as possible. Change your password immediately, in VK, and in all other sites where you are using the same password. You might want to have a look to this guide to create a strong password. Also consider to enable a 2-step authentication on your VK account.