Skip to main content

vKontakte, Russian Facebook hacked, accounts sold online

First it was Tumblr, then MySpace, and now vKontakte. The Russian social media behemoth has been hacked, and the login credentials of more than 100 million users are now available for purchase on the dark web.

Just like with the earlier cases, the same hacker going by the name Peace is selling the database, on the dark web marketplace The Real Deal, for 1 Bitcoin (roughly $570, or £394)

Motherboard (opens in new tab)says Peace has another 71 million credentials from the same site in his possession, but will not sell them just yet.

The credentials have been stolen sometime between 2011 and 2013, with the exact date unknown. The usernames and the passwords were just sitting there, in plain text, Peace said. There was no need to decrypt them in the process.

Motherboard tested 100 of these accounts, and 92 were legitimate. What’s even more scary is that some of these accounts come with a phone number attached. This is because the phone number is sometimes used as a security measure.

According to LeakedSource, the database was provided by someone going by the name Tessa88 (same person behind the MySpace leak).

It seems as the Russians have the same (bad) habits as the Western world, when it comes to poor and weak passwords: 123456, QWERTY, QWERTYUIOP, and 123123 were the most common passwords found, with the first one being found in 709,067 instances.

vKontakte was not available for comment.

MySpace accounts were recently being sold on the same dark web marketplace. A total of 427 million usernames and passwords were being sold for roughly £1,920.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.