Russian Internet giant Mail.Ru Group said that customer details stolen from 25 million customer accounts, taken from hacked servers belonging to the company and those of affiliated companies, have not been relevant for a long time and are no longer of any value to thieves.
In a statement to SCMagazineUK.com, an official spokesman of the company said all the passwords, that were stolen from Mail's account holders, have no value, being passwords from forums of game projects, which have been acquired by the company over the years.
The spokesman added that all forums and games operated by Mail.Ru Group were transferred to a single secure login system long ago and that these were not the subject of any hacker attacks.
According to the Russian Ministry of Internal Affairs, two hackers were able to obtain usernames, email addresses, passwords, phone numbers, birthdays and even some IP addresses, which can be used to find a user's location, in three separate attacks in July and August. It has been reported that around half of the passwords – some 12 million – were easily cracked using ready available cracking tools.
Sergey Anferov, a spokesman for the Russian Ministry of Internal Affairs' cyber-crime department, told SC that the hackers were able to use the vBulletin CMS vulnerability which was used in the hacked forums. The situation is aggravated by the fact that many users of these forums, whose accounts have been hacked, used simple passwords like "123456789" or similar combinations that could be easily cracked using brute force methods.
According to Russian police, personal data still attracts a lot of interest from hackers, who usually sell it for bitcoins on the black-market or sometimes to special services of certain states.
The police believe hackers are currently preparing new attacks on some leading Russian Internet companies, and it advises them to strengthen their IT to maintain their reputation and keep users of their web-servers safe.
Nikolay Nikiforov, Russia's Minister of Communications, told SC via his press office that the Russian government is aware of the increased number of hacker-attacks on the country's leading Internet companies, as well as the web-servers of state agencies, and the state is considering further tightening responsibilities for combating cyber-crimes.