Data which was found on one Rambler.ru data dump shows that their hacking incident actually took place four years ago on the 17th of February 2012, and it also contained about 98,167,935 Rambler.ru user details.
LeakedSource, the site where hundreds of hacked account details are hosted, says that it received data of the Rambler.ru hack from a user who was using the name, firstname.lastname@example.org Jabber ID. The same person is also believed to have been the one who provided LeakedSource with information of another hack, that of last.fm. The hack for last.fm also took place in 2012.
After analyzing the data received, it showed that for each user entry, there was a Rambler.ru username which also happened to be the email@example.com email address. In the data set there is also an ICQ number (which is needed for IM chat service), a password string, and then some internal data which is contained inside too. LeakedSource claims that from their analysis, none of the password strings were hashed, which would leave them vulnerable.
They were all being stored in plain text in the database. This is not the only case where passwords have not been hashed, after the VK.com data breach also showed that passwords had been left in plain text mode also, and were not provided with any salting or hashing.
As expected, the most common passwords discovered from the data breach, which were also easy to brute force included passwords such as, asdasd, 123456, 000000, 654321, 123321, and 123123.
LeakedSource asked around for other security teams and journalists to assist in verifying the data. There were language barriers which had to be broken first, since the site is hosted in Russian, which meant the verification process took a long time. LeakedSource had to ask for help from some of the local Russian media outlets because of that.
One journalist, Maria Nefedova, who works for Xakep.ru, confirmed the data’s authenticity. Rambler’s management have not yet answered to requests for comment on the issue yet, and will be updated as soon as they do.
LeakedSource has been at the forefront of revealing many hacks in the past few days and weeks. Some of the high profile breaches they have exposed include that of the last.fm, which was mentioned earlier. It also brought other breaches such as the Dropbox breach, Mail.ru, Social Blade, Leet.cc, BTC-E.com, and the Bitcointalk.com breach.
This might be a good time to get a VPN suited for Russia if you live there.