peace_of_mind is back: now sell 100 millions VK.com’s account with cleartext passwords!

Another day, another data breach!


peace_of_mind, the same hacker who previously sold data dumps from LinkedIn is now selling more than 100 Million VK.com accounts.

VK.com is the Russia’s biggest social networking site, it’s based in St. Petersburg and has at least 280 million active accounts.

The database contains information like full names , email addresses, plain-text passwords, location information, phone numbers and, in some cases, secondary email addresses:

first name, last name, email, pass (plain text)

sample:

INSERT INTO `members10` VALUES (10000851, 'Фатима', 'Фатима', '[email protected]', '', '', '', '', '', '', 'bhbcnjy', 0);
INSERT INTO `members10` VALUES (10000853, 'Анатолий Олегович', 'Жуковский', '[email protected]', 'Ленинград', '[email protected]', '+79533442046', '2307580', 'нету', '', 'вераисакова', 79533442046);
INSERT INTO `members10` VALUES (10000854, 'Саша', 'Никитин', '[email protected]', '', '', '', '', '', '', 'tfobl1', 0);
INSERT INTO `members10` VALUES (10000855, 'Марина', 'Нужина', '[email protected]', '', '', '', '', '', '', 'rjkjyrf', 0);
INSERT INTO `members10` VALUES (10000856, 'Александра', 'Швабенландт', '[email protected]', 'находка', '[email protected]', '', '', '406364721', '', '110630', 0);
INSERT INTO `members10` VALUES (10000860, 'Profile', 'Deleted', '[email protected]', 'Земля', '', '80933461ё456', '80000000000', 'FUQ', '', 'bioffy5555', 0);
INSERT INTO `members10` VALUES (10000861, 'Элеонора', 'Мышинова', '[email protected]', '', '', '', '', '', '', 'mausik', 0);
INSERT INTO `members10` VALUES (10000862, 'Олександр ph', 'Корінний', '[email protected]', 'Николаев', '[email protected]', '0984034408', '', '570599292', '', 'qwastygh', 380984034408);

15.8GB txt file SQL format as seen above.

The dataset (over 15 gigabytes) is sold on The Real Deal dark web marketplace for just 1 Bitcoin.

The leak has been reported by LeakedSource, which received some portions of the database:

VK.com was hacked. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This database was provided to us by a user who goes by the alias “[email protected]”, and has given us permission to name them in this blog.

You may search for yourself in the leaked VK.com database by visiting our homepage. If your personal information appears in our copy of the VK database, or in any other leaked database that we possess, you may contact us and request to have it removed free of charge when we add our automated removal tools scheduled for June 6th, 2016.

Comments