There are currently 2,649,875,832 / 3,109,103,084 accounts in our database.

September 6th, 2016

Table of Contents

Summary

Nearly 100 million records have been leaked online in yet another "mega breach", this time from the website Rambler.ru which for those who don't already know, they are the "Russian version of Yahoo". Rambler.ru was hacked for 98,167,935 users on February 17th, 2012 and this data set was provided to us by daykalif@xmpp.jp who also provided the Last.fm mega breach.


Each record contains:

  • A username/email address
  • ICQ # (yeah)
  • And some other internal data

Due to the fact that rambler.ru is an e-mail provider (like Gmail), when we say username/email together it's because usernames are always the first part of the email address. For example in the address webmaster@rambler.ru, "webmaster" would be the username that is always before "@rambler.ru".


We verified this database with the help of journalist Maria Nefedova who works for xakep.ru. Specifically we sent three of her friends the first portion of the passwords found attached to their accounts in this breach, and they were able to accurately fill in the rest (4-6 characters each) for us with 100% accuracy. Just like every single mega breach we have exposed before, attempts to contact Rambler by other journalists on our behalf have failed at the time of this post.


Companies that want to protect their users against hacking via password re-use from this and every other mega breach can contact us about using our API.


You also may search for your email or username in any leaked databases by visiting our homepage.

Passwords

Similar to the VK.com hack, passwords on rambler.ru were stored with no encryption or hashing (visible plaintext passwords). Here are the top 50.


Rank Password Frequency
1 asdasd 723,039
2 asdasd123 437,638
3 123456 430,138
4 000000 346,148
5 666666 249,812
6 654321 242,503
7 cfreyjdf 237,009
8 123321 236,871
9 555555 230,453
10 123123 222,983
11 7777777 207,347
12 12345678 196,474
13 1234567890 163,653
14 777777 138,500
15 121212 134,767
16 112233 124,950
17 987654321 87,908
18 123456789 86,841
19 123654 86,041
20 111111 85,735
21 999999 81,870
22 159753 79,849
23 222222 77,389
24 qazwsx 74,799
25 987654 70,822
26 123 69,018
27 gfhjkm 65,369
28 333333 64,383
29 zxcvbn 63,433
30 qwertyuiop 62,462
31 password 62,371
32 1111111 61,790
33 ifkfubyjd 61,661
34 1q2w3e 61,517
35 qwerty 60,928
36 355553 59,442
37 123qwe 59,118
38 123456q 58,484
39 12345 56,579
40 131313 56,257
41 159357 55,182
42 qwerty123 54,703
43 1234567 53,796
44 111222 53,616
45 zxcvbnm 53,597
46 147258 50,651
47 789456 49,227
48 pass123 48,402
49 888888 47,557
50 11111111 45,443

Misc

Other than passwords, there isn't much point in analyzing the other columns because they provide no interesting information. Nearly all of the emails in the leak end in @rambler.ru and although they apparently own a few other domains, the other domains are rarely used.


Here is an image of the breach file's headers for the technologically inclined, showing what system was targetted and some of Rambler's technology stack.


We do have more mega breaches coming soon so keep an eye out on our Twitter. Any journalists that want to get notified about all future breaches, DM us on Twitter with your email address.


Again, do strongly encourage all companies to contact us about using our API to make your users immune to the effects of data breaches. Many companies have already used our services to great success.


Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.


Signing off until the next breach (so tomorrow), LeakedSource.