Joseph Cox reports:
Accounts for over 100 million users of popular social media site VK.com are being traded on the digital underground.
Breach notification site LeakedSource obtained the data and published an analysis on Sunday. The hacker known as Peace, meanwhile, listed the data for sale on a dark web marketplace.
[…]
Peace provided Motherboard with a dataset containing a total of 100,544,934 records, and LeakedSource provided a smaller sample for verification purposes. The data contains first and last names, email address, phone numbers and passwords.
Read more on Motherboard. These data are apparently from a breach several years ago (circa 2011-2013). Earlier today, Motherboard updated its post to note that a VK spokesperson denied that the site had been breached:
“VK database hasn’t been hacked. We are talking about old logins/passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily. Please remember that installing unreliable software on your devices may cause your data loss. For security reasons, we recommend enabling 2-step verification in profile settings and using a strong password.”
That’s all well and good, except that if the data are up for sale now, they likely do contain some still-valid passwords despite any “compulsory” reset a few years ago.