Russian internet giant Rambler.ru hacked, leaking 98 million accounts

Russian internet portal and email provider Rambler.ru has become the latest victim in a growing list of historical hacks.

Breach notification site LeakedSource.com, which obtained a copy of an internal customer database, said the attack dates back to Feb. 17, 2012.

More than 98.1 million accounts were in the database, including usernames, email addresses, social account data, and passwords, the group said in a blog post. Unlike other major breaches, those passwords were stored in unencrypted plaintext, meaning anyone at the company could easily see passwords.

The last time a breach on this scale was found using plaintext password storage was Russian social networking site VK.com, which saw 171 million accounts taken in the breach.

Rambler.ru now joins the hacked ranks of LinkedIn and Last.fm in 2012, as well as MySpace and Tumblr in 2013.

LeakedSource said it had verified the breach, and it has added the cache into its searchable database.

Rambler.ru is one of the largest websites in the world, and one of the most visited in Russia. Founded in 1996, the company provides search, news, email, and advertising, making it a powerhouse of the Russian internet. The company competes with Yandex, as well as with Mail.ru (also owns VK.com), which made headlines for a second time this year for suffering at the hands of hackers.

After a numerous back and forth with Rambler.ru Chief Information Officer Ilya Zuev, the company issued the following response:

"We know about that database. It was leaked March 2014 and contained millions of accounts. Right after the accident we forced our users to change their passwords. Nowadays [a] situation like that is impossible. We do not store passwords in plain text, all data is encrypted (passwords hashed), we have added mobile phone verification option and constantly remind our users about the necessity of changing passwords."

The company added: "We also have forbidden [the use of] previously used passwords for the same account."

THIS YEAR IN HACKS

MySpace hack puts another 427 million passwords up for sale

A hacker claims to be selling millions of Twitter accounts

One of the biggest hacks happened last year, but nobody noticed

171 million VK.com accounts stolen by hackers

Hacker puts 51 million file sharing accounts for sale on dark web

Ubuntu Forums hack exposes 2 million users

Oracle investigating data breach at Micros point-of-sale division

Epic's forums hacked again, with thousands of logins stolen

Millions of Steam game keys stolen after hacker breaches gaming site

Hackers stole 43 million Last.fm account details in 2012 breach

• MySpace hack puts another 427 million passwords up for sale
• A hacker claims to be selling millions of Twitter accounts
• One of the biggest hacks happened last year, but nobody noticed
• 171 million VK.com accounts stolen by hackers
• Hacker puts 51 million file sharing accounts for sale on dark web
• Ubuntu Forums hack exposes 2 million users
• Oracle investigating data breach at Micros point-of-sale division
• Epic's forums hacked again, with thousands of logins stolen
• Millions of Steam game keys stolen after hacker breaches gaming site
• Hackers stole 43 million Last.fm account details in 2012 breach