Analysis of *.mail.ru Hack

August 24th, 2016

About Us

LeakedSource is already the best data breach monitoring service in the world and this batch of data pushes us over 2 billion records making us by far the largest as well. We're not done adding data either. Expect lots more breaches to be exposed including some in the crypto currency space.

We have already helped multiple companies secure their users with our API which provides cracked plaintext passwords from all 2 billion records for businesses to compare against their own users and forcibly change affected passwords. If you're interested in using our services, contact us about an API key.

Any journalists that want to get notified about breaches, DM us on Twitter with your email address.

Summary

Subdomains belonging to mail.ru were hacked in August of 2016.

Specifically they are:

cfire.mail.ru - 12,881,787 users, 6,226,196 passwords cracked at the time of this post.
parapa.mail.ru (main game) - 5,029,530 users, 3,329,532 passwords cracked at the time of this post.
parapa.mail.ru (forums) - 3,986,234 users, 2,907,572 passwords cracked at the time of this post.
tanks.mail.ru - 3,236,254 users, 0 passwords cracked at the time of this post.

We have so much data that we're also adding multiple other databases at the same time, a full list is below:

expertlaw.com - 190,938 users, 127,073 passwords cracked at the time of this post.
ageofconan.com - 433,662 users, 396,394 passwords cracked at the time of this post.
anarchy-online.com - 75,514 users, 21,775 passwords cracked at the time of this post.
freeadvice.com - 487,584 users, 246,958 passwords cracked at the time of this post.
gamesforum.com - 109,135 users, 46,758 passwords cracked at the time of this post.
longestjourney.com - 11,951 users, 6,782 passwords cracked at the time of this post.
ppcgeeks.com - 490,004 users, 257,542 passwords cracked at the time of this post.
thesecretworld.com (EN) - 227,956 users, 81,001 passwords cracked at the time of this post.
thesecretworld.com (FR) - 143,935 users, 34,676 passwords cracked at the time of this post.
thesecretworld.com (DE) - 144,604 users, 35,166 passwords cracked at the time of this post.

Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.

You may search for yourself any of the leaked databases by visiting our homepage.

Passwords

Not a single website used proper password storage, they all used some variation of MD5 with or without unique salts.

We thought the passwords used by the *.mail.ru communities were comical so here is their top 50

Rank	Password	Frequency
1	123456789	263,347
2	12345678	201,977
3	123456	89,756
4	1234567890	89,497
5	qwertyuiop	32,584
6	123123123	31,268
7	11111111	30,827
8	1q2w3e4r5t	30,087
9	1q2w3e4r	27,399
10	987654321	23,387
11	qazwsxedc	20,748
12	qweasdzxc	19,039
13	1234qwer	18,434
14	12344321	17,488
15	111111	16,372
16	88888888	14,651
17	1qaz2wsx	14,487
18	1234554321	14,262
19	qwertyui	14,187
20	123123	13,892
21	789456123	13,753
22	12345678910	13,568
23	00000000	13,548
24	123456789a	12,828
25	1234567	12,582
26	87654321	12,333
27	crossfire	12,091
28	0987654321	11,841
29	123321	11,609
30	asdfghjkl	11,395
31	qwerty	11,284
32	1q2w3e4r5t6y	11,021
33	123qweasdzxc	10,757
34	147258369	10,112
35	123654789	9,542
36	12345qwert	9,162
37	123456789q	9,148
38	qwer1234	8,965
39	12341234	8,588
40	qwerty123	8,563
41	q1w2e3r4t5	8,185
42	q1w2e3r4	8,183
43	1111111111	8,118
44	11223344	8,061
45	55555555	7,919
46	1qaz2wsx3edc	7,652
47	741852963	7,427
48	123qweasd	7,280
49	666666	7,263
50	1029384756	6,875

Table of Contents

About Us

Summary

Passwords