100 million accounts, including user names, logins and phone numbers, were allegedly stolen in a VK.com hack, then put on sale for US$580 in bitcoins, LeakedSource reported.
As the Russian social networking site was breached approximately three or four years ago and it is common for hackers to attempt to sell fake lists, LeakedSource is currently investigating the legitimacy of these accounts.
LeakedSource received the database from a user with the alias Tessa88[at]exploit.im, the hacker who tried to sell stolen MySpace credentials. The data repository from the LinkedIn, MySpace.com, Badoo.com and VK.com breaches is available and users are encouraged to check if their credentials have been compromised.
The 55 most-used passwords are also available for review and, although users are constantly warned about the importance of strong passwords, the most common is “123456”.
“Passwords were stored in plaintext with no encryption or hashing,” the search-engine found. “The methods VK used for storing passwords are not what internet standards propose because hackers can now see all 100 million passwords used on the site.”
Following a number of requests, LeakedSource is working on launching a business API that companies can use to check if their users’ credentials were leaked.