Another day another hack — This time, it’s Mail.Ru, a Russian Internet company hacked due to a security flaw in vBulletin forum software.
A group comprising just two hackers broke into Russia’s biggest internet company, Mail.ru, and stole a trove of data from forums hosted on the company’s servers between July and August 2016.
In total about 27 million accounts were stolen from three different gaming forums: 12.8 million accounts from cfire.mail.ru (the CrossFire gaming forum), 8.9 million from parap.mail.ru (the rhythm game “Couple Pa: City Dance”) and 3.2 million from tanks.mail.ru (Ground War: Tanks). The leaked data includes emails, usernames, passwords, IP addresses and dates of birth of registered users.
The full list of hacked domains and how many accounts were stolen from each domain can be seen below:
How were these forums hacked?
Apparently, Mail.ru was using an old and outdated version of vBulletin forum software that allows attackers to perform SQL injection and bypass its security controls. It seems that anyone could have hacked the system, given the outdated version of the software running these forums and the fact that passwords were stored as easily crackable, unsalted MD5 hashes.
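To make concrete why the MD5 password storage mentioned above matters, here is an added example (not code from the article, Mail.ru or vBulletin) that shows how a defender would assess such a dump: a precomputed table of common passwords (a constructed wordlist that includes 123456789, the favourite from the leaked list) recovers unsalted MD5 hashes by a simple dictionary lookup, and identical passwords produce identical hashes, while a salted, iterated PBKDF2-SHA256 record gives each user a distinct digest and a slow verification step. The user names and passwords in the sample "leaked" table are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed wordlist: 123456789 comes from the article's list of most-used
# passwords; the rest are assumed examples of typical weak choices.
COMMON_PASSWORDS = ["123456789", "password", "qwerty", "12345678"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest, the weak scheme the forums relied on."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates):
    """Precompute MD5 for a wordlist once; every stored hash can then be
    checked against the whole list with a dictionary lookup."""
    return {md5_hex(p): p for p in candidates}


def crack_md5(stored_hashes, table):
    """Map each stored hash that appears in the table back to its plaintext."""
    return {h: table[h] for h in stored_hashes if h in table}


def pbkdf2_record(password: str, iterations: int = 200_000, salt: bytes = None):
    """Store a password as salt + iterated PBKDF2-SHA256 (stdlib only)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"alg": "pbkdf2_sha256", "iter": iterations,
            "salt": salt.hex(), "hash": digest.hex()}


def verify_pbkdf2(password: str, record) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iter"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def assess_dump(leaked, wordlist=COMMON_PASSWORDS):
    """Given {user: md5_hex}, report which users a wordlist recovers and how
    many users share a hash (unsalted MD5 exposes password reuse directly)."""
    table = build_lookup_table(wordlist)
    cracked = crack_md5(set(leaked.values()), table)
    recovered = {user: cracked[h] for user, h in leaked.items() if h in cracked}
    shared = {}
    for user, h in leaked.items():
        shared.setdefault(h, []).append(user)
    duplicates = {h: users for h, users in shared.items() if len(users) > 1}
    return {"recovered": recovered, "duplicate_hashes": duplicates}


if __name__ == "__main__":
    # Constructed "leaked" forum table, stored the weak way (unsalted MD5).
    leaked = {
        "alice": md5_hex("123456789"),
        "bob": md5_hex("correct horse battery staple"),
        "carol": md5_hex("123456789"),
    }
    print(assess_dump(leaked))

    # The same two passwords stored properly: distinct digests per user, and
    # verification still works for the right password only.
    rec_a, rec_c = pbkdf2_record("123456789"), pbkdf2_record("123456789")
    print(rec_a["hash"] != rec_c["hash"], verify_pbkdf2("123456789", rec_a),
          verify_pbkdf2("123456780", rec_a))
```

Run as a script it prints the recovered users (alice and carol, both 123456789, bob untouched) and the fact that they share one hash, then `True True False` for the PBKDF2 records. The iteration count and 16-byte salt are reasonable defaults rather than values from the article; the point is that a wordlist hit against one salted record tells the attacker nothing about any other user.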
The data mining company LeakedSource.com reported that it has added the hacked accounts to its database, in addition to 2.3 million other records from ten different websites.
Previously, the EpicGames forums, a GTA fan forum and the Dota2 forums also suffered breaches in which hackers stole millions of login accounts, all because those forums were running the same old and outdated version of vBulletin software.
This is not the first time Mail.ru has been hacked. In May 2016, Russian hackers stole 57 million Mail.ru, 33 million Hotmail, 40 million Yahoo and 24 million Gmail accounts belonging to Russian users. Mail.ru’s subsidiary VK.com was also hacked in June, when hackers stole 100 million accounts and sold them on a Dark Web forum.
Here is a list of the most used passwords obtained from the hacked forums, and yes, 123456789 was users’ favorite.
Nevertheless, Mail.ru’s spokesperson Nataliya Bogdanovich denied the breach and stated that the passwords were simply a collection from old game projects that Mail.ru had bought. She said that a very secure integrated system protects all of Mail.ru’s forums and that the hacked passwords never had any relation to any email accounts.