Monday, October 31, 2016

Mail.ru Forums Hacked Over 25 Million Users Accounts Gets Compromised







Mail.ru Forums Hacked Over 25 Million Users Accounts Gets Compromised





Mail.ru Forums Hacked Over 25 Million Users Accounts Gets Compromised.






Russian Internet company communities cfire.mail.ru (Cross Fire game), parapa.mail.ru (ParaPa Dance City game), and tanks.mail.ru (Ground War: Tank game) forums get hacked. These communities were running on vBulletin forums which are vulnerable to the hack.  


Hackers used SQL vulnerabilities found in unpatched vBulletin forum software, which allows accessing to the database including usernames, email addresses, hash passwords, and their birthdays.



The Leaked source which provides data breaches in an index and exposes 27,449,088 user records compromised from all services data of mail.ru on its website.

According to leaked source,


  • cfire.mail.ru – 12,881,787 users, 6,226,196 passwords cracked at the time of this post.

  • parapa.mail.ru (main game) – 5,029,530 users, 3,329,532 passwords cracked at the time of this post.

  • parapa.mail.ru (forums) – 3,986,234 users, 2,907,572 passwords cracked at the time of this post.

  • tanks.mail.ru – 3,236,254 users, 0 passwords cracked at the time of this post.cfire.mail.ru contained 12,881,787 user records.

Top 50 Passwords of *.mail.ru communities are as follows:


RankPasswordFrequency
1123456789263,347
212345678201,977
3123456        89,756
4123456789089,497
5qwertyuiop32,584
612312312331,268
71111111130,827
81q2w3e4r5t30,087
91q2w3e4r27,399
1098765432123,387
11qazwsxedc20,748
12qweasdzxc19,039
131234qwer18,434
141234432117,488
15111111        16,372
168888888814,651
171qaz2wsx14,487
18123455432114,262
19qwertyui14,187
20123123        13,892
2178945612313,753
221234567891013,568
230000000013,548
24123456789a12,828
251234567        12,582
268765432112,333
27crossfire12,091
28098765432111,841
29123321  11,609
30asdfghjkl11,395
31qwerty        11,284
321q2w3e4r5t6y11,021
33123qweasdzxc10,757
3414725836910,112
351236547899,542
3612345qwert9,162
37123456789q9,148
38qwer12348,965
39123412348,588
40qwerty1238,563
41q1w2e3r4t58,185
42q1w2e3r48,183
4311111111118,118
44112233448,061
45555555557,919
461qaz2wsx3edc7,652
477418529637,427
48123qweasd7,280
49666666        7,263
5010293847566,875



Account users will have to keep strong password rather than  ‘123456789’, which is a weak password.



However, Mail.ru spokesperson says that the leaked password database are no longer valid.




at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Featured Post

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign

Popular Posts