Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Over 25 Million Accounts Stolen After Mail.ru Forums Hacked (zdnet.com) 25

An anonymous reader writes: Over 25 million accounts associated with forums hosted by Russian internet giant Mail.ru have been stolen by hackers. Two hackers carried out attacks on three separate game-related forums in July and August. One forum alone accounted for almost half of the breached data -- a little under 13 million records; the other two forums making up over 12 million records. The databases were stolen in early August, according to breach notification site LeakedSource.com, which obtained a copy of the databases. The hackers' names aren't known, but used known SQL injection vulnerabilities found in older vBulletin forum software to get access to the databases. An analysis of the breached data showed that hackers took 12.8 million accounts from cfire.mail.ru; a total of 8.9 million records from parapa.mail.ru, and 3.2 million accounts from tanks.mail.ru. The hackers were able to obtain usernames, email addresses, scrambled passwords, and birthdays.
This discussion has been archived. No new comments can be posted.

Over 25 Million Accounts Stolen After Mail.ru Forums Hacked

Comments Filter:
  • by Anonymous Coward

    Russia did it !

    Yours In The Pentagon,
    K. Trout

  • by BringsApples ( 3418089 ) on Wednesday August 24, 2016 @11:51AM (#52762885)

    The hackers were able to obtain usernames, email addresses, scrambled passwords, and birthdays.

    So they have usernames (made up), email addresses (like I have on my business card), scrambled passwords (not even sure if this matters), and birthdays (not really something that many keep private anyway). I wouldn't care if any of this were taken from me, even if it were my gmail account.

    • It depends on how the passwords were "scrambled"

      Even if they were just hashes, those hashes could be used to correlate against a number of existing password databases from previous leaks (if the hashing algrothims are known or can be guessed). That could then give you better data on who is using the same password elsewhere.

      Also, a birthday is not a trivial piece of information. It is used as a security question all too often. It also give the attacker more clues about you which is never good.

      • You have a good point, and honestly I have no idea to what degree the email service integrates with other sites. Maybe it's a bigger deal than I first thought.

        I guess I just feel like everyone should be using some local email client, and saving all email locally, rather than on the provider's server(s). Of course there are very good arguments against that. However, Hillary Clinton comes to mind.
  • I bet... (Score:5, Funny)

    by sciengin ( 4278027 ) on Wednesday August 24, 2016 @12:08PM (#52762999)

    I bet it was again those evil russian hack-
    Oh wait...

  • by fubarrr ( 884157 )
    In Soviet Russia ... you
  • The vast majority of the accounts probably were fake accounts used by spammers. Oh, well...
  • by russotto ( 537200 ) on Wednesday August 24, 2016 @12:42PM (#52763219) Journal

    Maybe it was the DNC thinking payback was fair play?

  • Seriously, do we need an icon for vBulletin now? That's 4 stories in less than 2 weeks about major forums having their information leaked via known vBulletin exploits. It sounds like some people (maybe the same ones each time, maybe not) are just going around to all the major forums that run vBulletin and seeing if they're running an older version with the known vulnerability. Surprise, surprise - most forums haven't bothered to upgrade their vBulletin software. If we're going to keep seeing this story

  • "over 25 million spammer accounts stolen" the amount of spam i get from mail.ru .. i think 90% of the emails they have are created by bots to spam.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...