Another day another hack, as 2016 continues to contend for the year of the hacks title. The hits keep on coming and another one has popped up. QIP.ru, a Russian instant messaging service is now the latest victim after being attacked by hackers. Heroic, a cyber security startup which is known to offer hacker and cyber attack protection to users who subscribe to the service said that they had gotten access to data which they had managed to validate which contained close to 33 million accounts. All the data contained in the data breach was linked with the Russian instant messaging platform, the startup noted.
The database that the company has in their hands contains up to 33,394,101 accounts and all the information was verified with the successful password reset attempts. The company said that they had gotten the database from a hacker well known in the hacking circles and going by the name daykalif@xmpp.jp. The firm said that user email addresses, passwords and other related files to the users were contained in the database.
All information involved in the database was from 2009-2011. There was no encryption or any hashing present on the passwords which means they were all stored in plain text. And since the hackers could easily enter people’s passwords without having to go through the hassle of decrypting them with the password cracking tools. They didn’t break any sweat when they needed to break into the users’ accounts.
Reports indicated that the breach might have happened back in 2011. The hack on the Russian instant messaging service marks the third time that a Russian service has been hit by cyber attackers. The recent Russian hack was that of the Russian Internet giant, Rambler, which saw more than a 100 million usernames and passwords all taken from the site.
Rambler is in many circles considered to be the Russian version of Yahoo. The data for all three Russian breaches has all come from hacks that happened back in 2012. Back in June, 100 million accounts which all belonged to the social media platform, VK, which is widely popular in Russia, were also leaked online and went up for sale on the dark web.
Also another thing similar with the recent QIP hack is that the passwords for the Rambler and VK hack were also not hashed nor encrypted, which meant hackers had relative ease gaining access into the users’ accounts once they had the data.
Other notable data leaks which have been highlighted over the past few months include that of Mail.ru. The past months have seen a rise in the number of data breach disclosures raising alarm from both users and security companies. LinkedIn, MySpace, and Dropbox also suffered these data breaches, showing that it’s not only limited to Russian sites.