Mail.ru forums have been hacked resulting in over 25 million user accounts being compromised. Hackers breached three separate forums – cfire.mail.ru (Cross Fire game), parapa.mail.ru (ParaPa Dance City game) and tanks.mail.ru (Ground War: Tank game) hosted by the Russian internet giant, and stole usernames, email addresses, passwords and more. The Mail.ru subdomains were hacked earlier in August.
The breach was reportedly the work of two unknown hackers who used SQL injection vulnerabilities found in older vBulletin forum software to gain access to the sites. None of the hacked forums used modern password storage methods, according to breach notification site LeakedSource.
An analysis of the breached database indicates that hackers stole around 12.8 million accounts from cfire.mail.ru, 8.9 million accounts from parapa.mail.ru and 3.2 million records from tanks.mail.ru. In addition to emails and passwords, in some cases, the hackers were able to access IP addresses, which could potentially provide them with the users' physical address and phone numbers.
Mail.ru has attempted to downplay the cyberattack. A spokesperson of the Russian firm told ZDNet: "They are old passwords to the forums of game projects that Mail.ru Group acquired over the years. All Mail.ru Group's forums and games have been using a secure integrated authorisation system for a long time by now. These passwords have never been related to email accounts and other services of the company in any way."
LeakedSource also said in its blog post that 10 additional sites had been hacked via vBulletin forums, with a total of 2.3 million records stolen. The topmost commonly used password among the Mail.ru communities was found to be the ever-present and simple-to-guess "123456789", which was used over 260,000 times.
This is not the first time that hackers have targeted the Russian internet giant. In June, the firm's social media site VK.com was breached and around 100 million user accounts were put up for sale on the dark web.