The popular Russian website and email provider, Rambler.ru, just became the latest victim of a series of hacks affecting major internet portals.
Although the hack is believed to have happened in February 2012, it was only recently reported by the breach notification site LeakedSource.com. The site has obtained a copy of the Russian portal's leaked user database, which contains information on more than 98 million accounts, including usernames, emails… and passwords stored in plain text. These unencrypted, plain-text passwords could be seen and used by anyone with access to the leaked database.
Rambler.ru is one of the biggest Russian portals and one of the most visited in the world. It was founded in 1996 and offers services such as web search, e-mail, news and e-commerce for the Russian-speaking community. Because of the nature of its services, the portal is known as the Russian Yahoo.
Rambler.ru is not the first major Russian service to suffer a data breach. A few months ago, information from more than 170 million accounts was leaked from VK.com, the most popular social network in Russia. This breach adds to the growing list of big Internet services that have been hacked, a list that also includes names such as LinkedIn, Dropbox, Last.fm and MySpace.
The company has stated that it was aware of the breach and reacted by forcing users to change their passwords. Ilya Zuev, Rambler.ru's CIO, also says that the service no longer stores passwords in plain text, as all data is now stored encrypted.
Because the emails and passwords were stored in plain text, anyone with access to the leaked database could try each email-password combination to break into a user's accounts on other online services. To reduce the impact of this kind of attack, you should avoid reusing passwords across sites. Create a unique, strong password for each service, and use two-step authentication wherever it is offered.