Russian Internet service provider Mail.ru confirmed the leaks of 4.66 million user account credentials, which were posted publicly for anyone to see on a Russian Bitcoin Security Forum. The company claims the information dump is not the result of a direct attack against Mail.ru, but instead is the result of phishing scams stemming from the user account-end rather than a direct attack on Mail.ru servers.
When Mail.ru became aware of the data dump on the Bitcoin Security Forum the company began analyzing the database to see if the information was authentic. The investigation concluded that 95 percent of the leaked user accounts contained in the dump were previously flagged as compromised accounts; accounts that had been asked to change their passwords, accounts restricted from sending emails, or were simply inactive accounts.
According to Mail.ru the examination of the data set indicated that many of the published accounts had highly vulnerable passwords i.e. 123456, which Mail.ru contends that it’s not necessary to hack the network system to crack a password like 123456, just “hijack” a few. The inference made by Mail.ru is that the list posted on the Bitcoin forum was comprised from years of phishing and viruses incurred by the user’s lax passwords or unsafe security practices such as clicking on unknown links. However there are many in the cyber security field that would disagree, believing that the large number of stolen passwords is too great for it to have come from phishing and other scams of the like.
The data dump created a lot of speculation and theory about its origins and purposes amid the cyber security community. One such theory is that the Russian government is behind it in an effort to gain sway in public opinion for new Internet laws or directives regarding sensitive data storage methods and/or a government owned email service.
And while the Kremlin has been known to use such tactics to skew the opinion of its citizens in the past, this theory and others being speculated are just that – speculation. In what has become the daily breach environment we are faced with today, there could be any number of explanations for this data dump, but the most common explanations still remain to be greed and retaliation, or in other words, money and the desire to cause harm.
The data dump of Mail.ru accounts included email addresses and passwords and were verified as accurate by the other services they had subscribed to using the same user names and passwords. Mail.ru account holders should change their passwords immediately and that of any other services they have used the same credentials for.
Additional Resources About This Breach: