Russian site 'hit by huge data breach'

  • Published
Password highlightedImage source, Klaus Kreckler
Image caption,
The passwords were stored with no scrambling or hashing

Login names and passwords for more than 98 million users of the Russian Rambler.ru email service have reportedly been stolen and put online.

The data included email addresses and passwords that had been stored without any protection, a security firm said.

Leaked Source said the massive cache of credentials dated from 2012 but had only now been leaked and put online.

And it had come from a hacker who had supplied security firms with 43 million user names from music service Last.fm.

Rambler has been described as the Russian equivalent of Yahoo as it offers email services as well as acting as a news and content hub for its users.

"We know about that database," said the service in a statement.

"It was leaked March 2014 and contained millions of accounts. Right after the accident we forced our users to change their passwords.

"We also have forbidden to use the previously used passwords for the same account."

Leaked Source broke the news about the breach and said it had verified some of the data with the help of Russian journalists. .

Leaked Source said passwords associated with login names had been stored with "no encryption or hashing". Instead, it said, they had been listed in plain text.

Analysis of the long list of passwords showed that "asdasd" was the most popular string, used by more than 723,000 people, it said.

The second most popular password among the 98 million users was "asdasd123".

In June this year, details of more than 100 million users of the Russian VK.com service were shared online.

Copies of the long list of login names and passwords was offered online at a price of one bitcoin (£456).