Russian social networking site VK.com has reportedly suffered a huge data breach, with the stolen account information of 171m users currently being sold on the dark web.
Details of the hack were first reported by data breach monitoring site LeakedSource last week, after confirming it had obtained a data set containing 100,544,934 records.
The breach is said to have taken place between 2012 and 2013, with hackers taking over 100m clear text passwords and other information from user accounts.
The site has now said the stolen data includes email addresses, first and last names and locations, as well as phone numbers, a visible password and sometimes a second email address.
The site, formerly known as Vkontakte, now has over 350m users, but at the time of the breach, there was an estimated 190m accounts – 100m of which were hacked.
The hacker has now been identified as a user going by the handle, “Tessa88”, who is also said to have been involved in the recent MySpace hackings.
The information taken from VK.com is now reportedly being sold on underground cybercrime sites for roughly one bitcoin, the equivalent of around $570.
The main concern about this information being sold on is that it will help criminals to engage in identity theft, allowing them to pass security checks using this leaked information.
The passwords stolen from VK.com were also saved as clear text, without encryption, hashing or salting, which is a major concern for users.
Of the passwords leaked, the most popular were 12345, 123456789 and qwerty, with the most common email addresses coming from email provider mail.ru.
To find out more, visit LeakedSource’s official blog post.