Rambler.ru hack: Passwords of nearly 100 million users exposed

A new data leak – confirmed to be legitimate by LeakedSource and added to its searchable online database – affects nearly 100 million users of Rambler.ru, one of the biggest Russian web portals.

“We verified this database with the help of journalist Maria Nefedova who works for xakep.ru. Specifically we sent three of her friends the first portion of the passwords found attached to their accounts in this breach, and they were able to accurately fill in the rest (4-6 characters each) for us with 100% accuracy,” the group explained.

The leaked database contains 98,167,935 records. Each one holds a username (which also forms an email address in the form of username@rambler.ru), a password, an ICQ number, and “some other internal data.”

“Nearly all of the emails in the leak end in @rambler.ru and although they apparently own a few other domains, the other domains are rarely used,” the LeakedSource team noted.

The passwords are stored in clear text, and many are expectedly predictable and have been used by hundreds of thousands of users.

The hack that resulted in the theft of this data has been dated to February 17th, 2012, making this the latest of the recently revealed data hacks that go back to 2012.

The VK breach is one of those: in June this year, a data set containing 100.5 million records of its users has been offered for sale.

Both of these Russian-based entities stored user passwords in plaintext.