Slashdot Mirror


Over 25 Million Accounts Stolen After Mail.ru Forums Hacked (zdnet.com)

An anonymous reader writes: Over 25 million accounts associated with forums hosted by Russian internet giant Mail.ru have been stolen by hackers. Two hackers carried out attacks on three separate game-related forums in July and August. One forum alone accounted for almost half of the breached data -- a little under 13 million records; the other two forums making up over 12 million records. The databases were stolen in early August, according to breach notification site LeakedSource.com, which obtained a copy of the databases. The hackers' names aren't known, but they used known SQL injection vulnerabilities found in older vBulletin forum software to get access to the databases. An analysis of the breached data showed that hackers took 12.8 million accounts from cfire.mail.ru; a total of 8.9 million records from parapa.mail.ru, and 3.2 million accounts from tanks.mail.ru. The hackers were able to obtain usernames, email addresses, scrambled passwords, and birthdays.

4 of 25 comments

  1. big woop by BringsApples · · Score: 2

    The hackers were able to obtain usernames, email addresses, scrambled passwords, and birthdays.

    So they have usernames (made up), email addresses (like I have on my business card), scrambled passwords (not even sure if this matters), and birthdays (not really something that many keep private anyway). I wouldn't care if any of this were taken from me, even if it were my gmail account.

    --
    Politics; n. : A religion whereby man is god.
    1. Re:big woop by The-Ixian · · Score: 2

      It depends on how the passwords were "scrambled".

      Even if they were just hashes, those hashes could be used to correlate against a number of existing password databases from previous leaks (if the hashing algorithms are known or can be guessed). That could then give you better data on who is using the same password elsewhere.

      Also, a birthday is not a trivial piece of information. It is used as a security question all too often. It also gives the attacker more clues about you, which is never good.

      --
      My eyes reflect the stars and a smile lights up my face.
  2. I bet... by sciengin · · Score: 4, Funny

    I bet it was again those evil Russian hack-
    Oh wait...

  3. Someone hacked the Russians? by russotto · · Score: 2

    Maybe it was the DNC thinking payback was fair play?