98 Million Records from 2012 Rambler.ru Data Breach Dumped

The Rambler.ru data breach that occurred on February 17, 2012 involved the theft of usernames, plain text passwords, ICQ numbers, and other internal data. In total, the credentials of 98,167,935 users were stolen in the cyberattack. Email addresses were also compromised, since the username is used to create email addresses.

The same individual responsible for providing the last.fm data to LeakedSource has handed over the datasets from the 2012 Rambler.ru data breach.

The contents of the database were independently verified as genuine by a Russian journalist – Maria Nefedova. She sent the first portion of passwords to three different users. Those users responded and provided the remaining 4-6 digits of the passwords, confirming the data set was real.

The 2012 Rambler.ru data breach ranks as one of the largest data breaches ever discovered. It occurred in 2012 along with a number of other large-scale breaches such as the 171-million-record breach at vk.com, the 117-million-record breach at LinkedIn, the 68-million-record breach at Dropbox, and the 43-million-record breach at last.fm. A year later, in 2013, 427 million MySpace passwords and 65 million Tumblr records were stolen. The data from all of these attacks has recently surfaced after being dumped to the public.

It is unclear why it has taken so long for the data to appear and why the data dumps have occurred now. Presumably the attackers have no further use for the data and have sold it on to another individual, who has then listed the information for sale.

Plaintext Passwords Stolen in 2012 Rambler.ru Data Breach

The dataset from the 2012 Rambler.ru data breach included plaintext passwords that had no hashing or encryption, making it easy for the criminals to use the information.

Any user who reused the same password across multiple platforms could have had multiple accounts compromised. The data breach shows why it is so important to use a unique password for each online account and never to reuse passwords across platforms. However, the practice remains commonplace, in spite of the risks.

The data dump also shows that – in 2012 at least – many users failed to use secure passwords. The top ten most common passwords in the stolen data were:

  • asdasd (723,039 users)
  • asdasd123 (437,638 users)
  • 123456 (430,138 users)
  • 000000 (346,148 users)
  • 666666 (249,812 users)
  • 654321 (242,503 users)
  • cfreyjdf (237,009 users)
  • 123321 (236,871 users)

Unfortunately, the practice of using easy-to-remember passwords continues. Earlier this year, SplashData published a list of the top 100 passwords used in 2015. The list was compiled using information obtained from data dumps in 2015. As was the case in 2014, the most common password was 123456.

The use of easily guessable passwords places users and employers at a high risk of being hacked. Even so, many users fail to use complex passwords. Many employers have also yet to implement password policies that ensure that complex passwords are set by all users, or implement forced password resets periodically.
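As an added example (not code from the article or from LeakedSource), the script below shows how a defender can turn a plaintext credential dump like this one into a password denylist and enforce it in a registration or reset policy. The dump lines are constructed sample data in an assumed `username:password` format, and the seed list is the set of common passwords reported above.

```python
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample dump in "username:password" form (not real breach data).
SAMPLE_DUMP = """\
alice:asdasd
bob:123456
carol:Tr0ub4dor&3-unique
dave:asdasd
erin:000000
frank:asdasd123
grace:correct-horse-battery
heidi:123456
ivan:asdasd
"""

# The most common passwords reported for the Rambler.ru dump, used as a seed.
REPORTED_TOP = ["asdasd", "asdasd123", "123456", "000000", "666666",
                "654321", "cfreyjdf", "123321"]


def password_counts(dump: str) -> Dict[str, int]:
    """Count each plaintext password once per account, skipping malformed lines."""
    counts: Counter = Counter()
    for line in dump.splitlines():
        if ":" not in line:
            continue
        _, password = line.split(":", 1)
        counts[password] += 1
    return dict(counts)


def top_passwords(dump: str, n: int = 3) -> List[Tuple[str, int]]:
    """The n most frequent passwords and their user counts, like the published list."""
    return Counter(password_counts(dump)).most_common(n)


def build_denylist(dump: str, min_users: int = 2) -> Set[str]:
    """Seed with the reported list; add any dump password shared by min_users+ accounts."""
    shared = {pw for pw, c in password_counts(dump).items() if c >= min_users}
    return {pw.lower() for pw in REPORTED_TOP} | {pw.lower() for pw in shared}


def rejection_reason(candidate: str, denylist: Set[str], min_len: int = 12) -> Optional[str]:
    """Policy check for a new or reset password; None means the candidate is acceptable."""
    if candidate.lower() in denylist:
        return "appears in breach-derived denylist"
    if len(candidate) < min_len:
        return "shorter than %d characters" % min_len
    if len(set(candidate)) == 1:                          # 000000, 666666
        return "single repeated character"
    digits = "0123456789"
    if candidate in digits or candidate in digits[::-1]:  # 123456, 654321
        return "sequential digits"
    return None
```

In a real deployment the denylist would be far larger than the handful of strings here and the check would run before the password is hashed and stored.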

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news