Passwords not hashed in 98 million hacked user accounts

News by Danielle Correa

Russian email provider, the apparent equivalent of Yahoo, is the latest victim of a data breach. The login credentials of over 98 million users of the service have been stolen and dumped online.

The stolen data included email addresses, usernames, social account data, and passwords that had reportedly been stored in unencrypted plain text, visible for anyone to easily see. verified the breach and said the cache of credentials were dated from 2012, but were only now leaked and put online. Russian journalists assisted in the verification of some of the data.

Analysis of the passwords showed that the most popular string used by over 723,000 people was “asdasd”. The second most popular password was “asdasd123”, used by over 400,000 accounts.

In a statement, the company issued this response: “We know about that database. It was leaked March 2014 and contained millions of accounts. Right after the accident we forced our users to change their passwords. Nowadays [a] situation like that is impossible. We do not store passwords in plain text, all data is encrypted (passwords hashed), we have added mobile phone verification option and constantly remind our users about the necessity of changing passwords. We also have forbidden [the use of] previously used passwords for the same account.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews