vKontakte, Russian Facebook hacked, accounts sold online

First it was Tumblr, then MySpace, and now vKontakte. The Russian social media behemoth has been hacked, and the login credentials of more than 100 million users are now available for purchase on the dark web.

Just like with the earlier cases, the same hacker going by the name Peace is selling the database, on the dark web marketplace The Real Deal, for 1 Bitcoin (roughly $570, or £394)

Motherboard says Peace has another 71 million credentials from the same site in his possession, but will not sell them just yet.

The credentials have been stolen sometime between 2011 and 2013, with the exact date unknown. The usernames and the passwords were just sitting there, in plain text, Peace said. There was no need to decrypt them in the process.

Motherboard tested 100 of these accounts, and 92 were legitimate. What’s even more scary is that some of these accounts come with a phone number attached. This is because the phone number is sometimes used as a security measure.

According to LeakedSource, the database was provided by someone going by the name Tessa88 (same person behind the MySpace leak).

It seems as the Russians have the same (bad) habits as the Western world, when it comes to poor and weak passwords: 123456, QWERTY, QWERTYUIOP, and 123123 were the most common passwords found, with the first one being found in 709,067 instances.

vKontakte was not available for comment.

MySpace accounts were recently being sold on the same dark web marketplace. A total of 427 million usernames and passwords were being sold for roughly £1,920.