Over 25 million accounts stolen after Mail.ru forums hacked

Two hackers were able to steal email addresses and easily crackable passwords from three separate forums in this latest hack.
Written by Zack Whittaker, Contributor
Image: Stock photo

Over 25 million accounts associated with forums hosted by Russian internet giant Mail.ru have been stolen by hackers.

Two hackers carried out attacks on three separate game-related forums in July and August. One forum alone accounted for almost half of the breached data -- a little under 13 million records; the other two forums make up over 12 million records.

The databases were stolen in early August, according to breach notification site LeakedSource.com, which obtained a copy of the databases.

The hackers' names aren't known, but they used known SQL injection vulnerabilities found in older vBulletin forum software to get access to the databases.

An analysis of the breached data showed that hackers took 12.8 million accounts from cfire.mail.ru; a total of 8.9 million records from parapa.mail.ru, and 3.2 million accounts from tanks.mail.ru.

The hackers were able to obtain usernames, email addresses, scrambled passwords, and birthdays. Some of the forums allowed the hackers to also obtain IP addresses (which could be used to determine location) and phone numbers.

A member of the LeakedSource group told me that about half of the passwords -- around 12 million -- were easily cracked using readily available cracking tools. That's because, according to the group's blog post, the sites "all used some variation of MD5 with or without unique salts", an algorithm that is considered insecure by today's standards.

The group said that the most common four passwords were some combination of "123456789", which in part made it easier to determine a significant portion of the leaked passwords.

The breach notification confirmed that it has added the breached data into its database, alongside another 2.3 million records from 10 other websites that the group bundled in with its blog post.

This is the latest hack in a long line of similar attacks on out-of-date and unpatched forums with widely known and glaring security flaws. Many of Mail.ru's forums ran versions of vBulletin software dating back to early-2013.

It's also not the first time that Mail.ru has suffered a breach this year. In June, the company -- which also owns Russian social network VK.com -- confirmed that it was also breached, albeit some years earlier when the site's security was far more primitive.

In an emailed statement, Mail.ru spokesperson Nataliya Bogdanovich played down the attacks.

"They are old passwords to the forums of game projects that Mail.ru Group acquired over the years. All Mail.ru Group's forums and games have been using a secure integrated authorization system for a long time by now," said the spokesperson. "These passwords have never been related to email accounts and other services of the company in any way."

Editorial standards