Another “historic” mega breach has been revealed as someone who goes by the alias “Tessa88@exploit.im” has begun selling info tied to 100 milion VK accounts.
“This data set contains 100,544,934 records. Each record may contain an email address, a first and last name, a location (usually city), a phone number, a visible password, and sometimes a second email address,” LeakedSource operators noted.
By now, others have begun selling the stolen VK.com database, including “Peace,” the seller who has previously offered huge batches of user data stolen from Tumblr and LinkedIn for sale on dark web marketplace The Real Deal.
The VK data seems legitimate – some accounts still exist and the passwords are the right ones, while others have since been deactivated. According to the original seller, the data was stolen in late 2012 or early 2013.
The breached social network apparently stored the passwords in plaintext.
Given that VK – previously VKontakte – is a social network based in Russia, it’s not surprising that the majority of the users used Mail.ru, Yandex.ru, and Rambler.ru email addresses to sign in to the service (the Mail.ru Internet company is also the owner of VK).
But, as usual, the list of the most used passwords is depressingly predictable:
If you are a VK user you would do well to check whether your account info is in the stolen batch by querying the Leaked Source database.
If it is, you can ask them to remove it from the database, but you’ll also know which of your personal information is in the hands of (who knows how many?) crooks by now, and can prepare yourself better for phishing and identity theft attempts that could come your way in the future. Extortion attempts are also a possibility.
Needless to say, change your account password, if you haven’t already, and don’t reuse the new password for other accounts.