September 6th, 2016

Summary

Nearly 100 million records have been leaked online in yet another "mega breach", this time from the website Rambler.ru, which, for those who don't already know, is the "Russian version of Yahoo". Rambler.ru was hacked for 98,167,935 users on February 17th, 2012, and this data set was provided to us by [email protected], who also provided the Last.fm mega breach.


Each record contains:

  • A username/email address
  • ICQ # (yeah)
  • And some other internal data

Because rambler.ru is an e-mail provider (like Gmail), we say username/email together: the username is always the first part of the email address. For example, in the address [email protected], "webmaster" would be the username, which always comes before "@rambler.ru".


We verified this database with the help of journalist Maria Nefedova, who works for xakep.ru. Specifically, we sent three of her friends the first portion of the passwords attached to their accounts in this breach, and they were able to fill in the rest (4-6 characters each) for us with 100% accuracy. Just like every single mega breach we have exposed before, attempts to contact Rambler by other journalists on our behalf have failed at the time of this post.


Companies that want to protect their users against hacking via password re-use from this and every other mega breach can contact us about using our API.


You also may search for your email or username in any leaked databases by visiting our homepage.

Passwords

Similar to the VK.com hack, passwords on rambler.ru were stored with no encryption or hashing (visible plaintext passwords). Here are the top 50.


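| Rank | Password | Frequency |
|------|----------|-----------|
| 1 | asdasd | 723,039 |
| 2 | asdasd123 | 437,638 |
| 3 | 123456 | 430,138 |
| 4 | 000000 | 346,148 |
| 5 | 666666 | 249,812 |
| 6 | 654321 | 242,503 |
| 7 | cfreyjdf | 237,009 |
| 8 | 123321 | 236,871 |
| 9 | 555555 | 230,453 |
| 10 | 123123 | 222,983 |
| 11 | 7777777 | 207,347 |
| 12 | 12345678 | 196,474 |
| 13 | 1234567890 | 163,653 |
| 14 | 777777 | 138,500 |
| 15 | 121212 | 134,767 |
| 16 | 112233 | 124,950 |
| 17 | 987654321 | 87,908 |
| 18 | 123456789 | 86,841 |
| 19 | 123654 | 86,041 |
| 20 | 111111 | 85,735 |
| 21 | 999999 | 81,870 |
| 22 | 159753 | 79,849 |
| 23 | 222222 | 77,389 |
| 24 | qazwsx | 74,799 |
| 25 | 987654 | 70,822 |
| 26 | 123 | 69,018 |
| 27 | gfhjkm | 65,369 |
| 28 | 333333 | 64,383 |
| 29 | zxcvbn | 63,433 |
| 30 | qwertyuiop | 62,462 |
| 31 | password | 62,371 |
| 32 | 1111111 | 61,790 |
| 33 | ifkfubyjd | 61,661 |
| 34 | 1q2w3e | 61,517 |
| 35 | qwerty | 60,928 |
| 36 | 355553 | 59,442 |
| 37 | 123qwe | 59,118 |
| 38 | 123456q | 58,484 |
| 39 | 12345 | 56,579 |
| 40 | 131313 | 56,257 |
| 41 | 159357 | 55,182 |
| 42 | qwerty123 | 54,703 |
| 43 | 1234567 | 53,796 |
| 44 | 111222 | 53,616 |
| 45 | zxcvbnm | 53,597 |
| 46 | 147258 | 50,651 |
| 47 | 789456 | 49,227 |
| 48 | pass123 | 48,402 |
| 49 | 888888 | 47,557 |
| 50 | 11111111 | 45,443 |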
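
Plaintext storage is what makes a frequency table like the one above possible. As an added example (not LeakedSource's or Rambler's code), the sketch below shows the two controls a site would apply instead: reject passwords that already appear on a breach list at signup, and store only a salted PBKDF2 hash. The denylist is the first ten rows of the table; the function names, the storage format and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample: the ten most frequent passwords from the table above.
BREACH_DENYLIST = frozenset({
    "asdasd", "asdasd123", "123456", "000000", "666666",
    "654321", "cfreyjdf", "123321", "555555", "123123",
})

# PBKDF2-HMAC-SHA256 work factor (assumed value; tune for your hardware).
ITERATIONS = 600_000


def is_breached(password: str) -> bool:
    """True if the password is on the denylist (case-insensitive match)."""
    return password.lower() in BREACH_DENYLIST


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex' for storage; the plaintext is never kept."""
    if is_breached(password):
        raise ValueError("password appears in a known breach")
    salt = os.urandom(16)  # per-user salt: equal passwords get different records
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = stored.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```

Because each record carries its own random salt, two users with the same password produce different stored values, so a leaked table cannot be ranked by frequency without first cracking each hash.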

Misc

Other than passwords, there isn't much point in analyzing the other columns because they provide no interesting information. Nearly all of the emails in the leak end in @rambler.ru, and although Rambler apparently owns a few other domains, those domains are rarely used.


Here is an image of the breach file's headers for the technologically inclined, showing what system was targeted and some of Rambler's technology stack.


We do have more mega breaches coming soon so keep an eye out on our Twitter. Any journalists that want to get notified about all future breaches, DM us on Twitter with your email address.


Again, we strongly encourage all companies to contact us about using our API to make your users immune to the effects of data breaches. Many companies have already used our services to great success.


Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.


Signing off until the next breach (so tomorrow), LeakedSource.
