33 MILLION USERS AT RISK AFTER PASSWORDS LEAKED FROM MESSAGING SERVICE
33 million users’ account details have been leaked from a Russian instant messaging service in the latest mega breach. Like other recent discoveries, the data from QIP.ru is believed to have been stolen years ago, and the included information is dated between 2009 and 2011.
The 33,394,101 records include email addresses, usernames, passwords stored in plain text and other fields associated with the accounts.
Heroic, a cyber security firm that obtained and validated a copy of the data, is offering a searchable database for users to see if they are affected. Analysis of the data shows predictably poor password security on the part of QIP.ru’s users.
“123456”, “123123” and “111111” were again the most commonly used passwords, while the rest of the top ten consisted of similarly guessable sequences of numbers and letters.
Most of the affected accounts used mail.ru email addresses, although gmail.com was the fourth most common email domain in the database.
It marks the latest database from a historic breach to be found online.
Last week, usernames, email addresses and passwords belonging to 43.5 million Last.fm users were discovered online following a 2012 breach.
The week before, 68 million Dropbox users were put at risk after a database from a previously-disclosed 2012 data breach was uncovered by researchers.
A batch of Twitter usernames and passwords were also discovered by LeakedSource, although it is believed the users were hacked, rather than Twitter itself.
The service said it has “so many databases waiting to be added that if we were to add one per day it would take multiple years to finish them all”.
The breach-tracking website added it was “processing multiple more mega breaches”.
As always, users caught up in data breaches are advised to change their passwords both on the breached site and on any services where they used the same credentials.