A hacker has obtained 171 million user accounts associated with social networking giant VK.com.
VK (originally VKontakte) is the largest European online social networking service with over 350 million users. It is based in St. Petersburg. It's available in several languages, but is especially popular among Russian-speaking users.
The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.
The hacker is now selling a smaller portion of the database -- 100 million accounts, which is a little over 17 gigabytes in size -- on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.
That same for-sale database was provided to ZDNet, a known business technology news website, for verification.
ZDNet checked the provided database by searching a selection of names in VK's public search engine -- many of which turned up valid results.
LeakedSource.com, a search engine that records breaches and allows users to search their details, also obtained a portion of the database, albeit a smaller data set of about 100 million records.
Predictably, given the social network's predominance in Russia, *the most common password was "123456"*, in line with other breaches. LeakedSource.com also found that the most common email address came from mail.ru, which may not be a coincidence, since VK.com was bought by the Mail.ru group in 2014.
Breaches like these remind us of the importance of website security. *There are essential efforts that can help prevent or mitigate potential breaches*, but most require an investment.
At Digital Certification, our experts do perform some security tests when performing website reviews; however, we are no substitute for a penetration test. In any case, do make sure you get your website reviewed by professionals: it may turn out less expensive to be cautious than to live with the risk of being breached.