Rambler.ru becomes the latest target of cyber-attack- 100 million users at risk of exposure.
It is called Russia’s answer to Yahoo. It is very popular in Russia and hundreds and thousands of users are actively using it.. it is called Rambler.ru and today, it is in the news for all the wrong reasons.
The popular Russian website Rambler.ru has reportedly been a victim of a security breach and data hack back in the year 2012. The result of this hack attack was that roughly 100 million users’ data was compromised including usernames, passwords, ICQ number and other critically important private data.
The report has been published by the well-known data breach index service LeakedSource who has labeled it as a “Mega Breach.” The site further noted that:
“Rambler.ru was hacked for 98,167,935 users on February 17th, 2012 and this data set was provided to us by firstname.lastname@example.org who also provided the Last.fm mega breach.”
As per the analysis by LeakedSource, Rambler.ru users are provided with a username and the same username becomes part of their email address on the website. For instance, if you have created a user ID such as Hackreadiscool then you will use this ID to login to your account on Rambler.ru and the email address email@example.com will become your official email address on this website, which people will use to communicate with their contacts.
The data breach index website LeakedSource claims that the primary reason why Rambler.ru became a victim of this mega breach is that the password strings were not hashed. That is, the passwords were stored in plaintext format.
Now, we all know how insecure it is to store password string without any hashing or salting. So, most of the blame can be attributed to Rambler.ru’s security measures and salient practices.
The passwords were also quite weak. Such as there were passwords like “asdasd,” or “666666,” which are not only weak but also quite easy to brute-force. When the site conducted data verification process in collaboration with Russian media and journalists including Xakep.ru’s Maria Nefedova, it was identified that data was authentic.
2016 has been a very bad year for Russia dating, tech, gaming and social media industry. Just last month hackers stole 27 million accounts from Russia’s Internet company Mail.ru. In January 2016, Russian dating site TopFace was hacked when hackers stole 20 million login emails; in January again, a hacker was found selling 57 million login credentials stolen from Mail.ru while in June this year Russian version of Facebook VK.com was hacked and 100 million of its login credentials were stolen by unknown attackers.