Russian e-mail service provider Rambler.ru suffered a mega breach when someone leaked close to 100 million of its users’ login credentials online.
Data breach monitoring service LeakedSource said the 98,167,935 leaked credentials are real. Someone allegedly stole the information in a hack against the “Russian version of Yahoo” during a security incident that occurred on 17 February, 2012:
“We verified this database with the help of journalist Maria Nefedova who works for xakep.ru. Specifically we sent three of her friends the first portion of the passwords found attached to their accounts in this breach, and they were able to accurately fill in the rest (4-6 characters each) for us with 100% accuracy.”
LeakedSource obtained the usernames/email addresses, passwords, instant messaging ICQ numbers, and other internal data for Rambler.ru users from email@example.com – the same individual who exposed the hack of 43.6 million accounts of the music service Last.fm.
None of the passwords were stored with encryption or hashing. The top 15 passwords found in the dump weren’t particularly strong, either.
As we have said in previous articles, it’s important that users create strong passwords that substitute symbols and numbers for letters. It’s also essential that they follow those guidelines to create a unique passphrase for each and every one of their web accounts.
Doing so will help them avoid password reuse attacks, campaigns in which hackers attempt to break into one or more of a user’s accounts by abusing a set of login credentials stolen from another web service that has already been compromised.
For more tips on password security hygiene, please click here.
Companies can also consider protecting their users against password reuse attacks by looking into implementing LeakedSource’s API here.
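The following is an added example, not code from LeakedSource or Rambler.ru, of the two server-side defences the article points to: storing only a salted scrypt hash instead of the password itself, and refusing passwords already known from earlier breaches at registration. The breached-password set, the function names and the scrypt parameters are assumptions made for the example, and it does not use LeakedSource's API.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed sample of already-exposed passwords. A real deployment would
# load a breach corpus or query a breach-notification service instead.
BREACHED_PASSWORDS = {"123456", "qwerty", "password", "111111"}

# scrypt cost parameters (assumed values for this example; tune per hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). Only these are stored, never the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def register(users: Dict[str, Tuple[bytes, bytes]], username: str, password: str) -> bool:
    """Reject passwords seen in breaches; otherwise store salt + scrypt key."""
    if password in BREACHED_PASSWORDS:
        return False
    users[username] = hash_password(password)
    return True


def login(users: Dict[str, Tuple[bytes, bytes]], username: str, password: str) -> bool:
    """Check a login attempt against the stored salt and key."""
    record = users.get(username)
    if record is None:
        return False
    salt, stored_key = record
    return verify_password(password, salt, stored_key)
```

With this storage scheme, a stolen user table yields salts and derived keys that must be attacked one account at a time, rather than a list of ready-to-use passwords.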
Rambler.ru joins LinkedIn, Dropbox, Tumblr and a number of other sites that have all suffered mega breaches in 2016 after hackers compromised their systems several years ago.