Hackers Steal 171M VK.com User Accounts

VK.com Suffers Data Breach

Social networking site VK.com is the latest victim in a string of targeted data breaches that have hit a host of other social media outlets such as LinkedIn, Tumblr and Myspace.

ZDNet reported on Monday (June 6) that a hacker obtained 171 million user accounts from VK, which is said to be the largest European social network.

The hack is believed to have taken place sometime between late 2012 and early 2013, but the hacker behind the breach is now selling a smaller subset of the database on a dark web marketplace for 1 bitcoin (a value of approximately $580).

The stolen database contains full names, email addresses and passwords, as well as locations and phone numbers in some cases.

ZDNet said that it was provided the for-sale database for verification purposes but had yet to hear back from any of the user accounts it reached out to for confirmation.

According to LeakedSource.com, a data aggregator that provides a searchable database for compromised information from data breaches, the password “123456” was the most frequently used among VK users.

In a statement to ZDNet, a VK.com representative said:

“We are talking about old logins/passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily. Please remember that installing unreliable software on your devices may cause your data loss. For security reasons, we recommend enabling 2-step verification in profile settings and using a strong password.”

Just last month, LinkedIn announced that a data breach it experienced in 2012 was much worse than it initially thought.

It was recently discovered that email and password information for more than 100 million LinkedIn members had been released as part of the data breach, which was initially believed to have impacted only 6.5 million accounts.

Social networking sites remain a top target for cybercriminals, with Myspace also dealing with hackers who gained unauthorized access to its systems right before the Memorial Day holiday weekend and made the stolen user login data available online.