Table of Contents
About us
LeakedSource is already the best data breach monitoring service in the world and this batch of data pushes us over 2 billion records making us by far the largest as well. We're not done adding data either. Expect lots more breaches to be exposed including some in the crypto currency space.We have already helped multiple companies secure their users with our API which provides cracked plaintext passwords from all 2 billion records for businesses to compare against their own users and forcibly change affected passwords. If you're interested in using our services, contact us about an API key.
Any journalists that want to get notified about breaches, DM us on Twitter with your email address
Summary
Subdomains belonging to mail.ru were hacked in August of 2016.Specifically they are:
- cfire.mail.ru - 12,881,787 users, 6,226,196 passwords cracked at the time of this post.
- parapa.mail.ru (main game) - 5,029,530 users, 3,329,532 passwords cracked at the time of this post.
- parapa.mail.ru (forums) - 3,986,234 users, 2,907,572 passwords cracked at the time of this post.
- tanks.mail.ru - 3,236,254 users, 0 passwords cracked at the time of this post.
- expertlaw.com - 190,938 users, 127,073 passwords cracked at the time of this post.
- ageofconan.com - 433,662 users, 396,394 passwords cracked at the time of this post.
- anarchy-online.com - 75,514 users, 21,775 passwords cracked at the time of this post.
- freeadvice.com - 487,584 users, 246,958 passwords cracked at the time of this post.
- gamesforum.com - 109,135 users, 46,758 passwords cracked at the time of this post.
- longestjourney.com - 11,951 users, 6,782 passwords cracked at the time of this post.
- ppcgeeks.com - 490,004 users, 257,542 passwords cracked at the time of this post.
- thesecretworld.com (EN) - 227,956 users, 81,001 passwords cracked at the time of this post.
- thesecretworld.com (FR) - 143,935 users, 34,676 passwords cracked at the time of this post.
- thesecretworld.com (DE) - 144,604 users, 35,166 passwords cracked at the time of this post.
You may search for yourself any of the leaked databases by visiting our homepage. If your personal information appears in our copy of this database, or in any other leaked database that we possess, you may remove yourself for free.
Passwords
Not a single website used proper password storage, they all used some variation of MD5 with or without unique salts.We thought the passwords used by the *.mail.ru communities were comical so here is their top 50
| Rank | Password | Frequency |
|---|---|---|
| 1 | 123456789 | 263,347 |
| 2 | 12345678 | 201,977 |
| 3 | 123456 | 89,756 |
| 4 | 1234567890 | 89,497 |
| 5 | qwertyuiop | 32,584 |
| 6 | 123123123 | 31,268 |
| 7 | 11111111 | 30,827 |
| 8 | 1q2w3e4r5t | 30,087 |
| 9 | 1q2w3e4r | 27,399 |
| 10 | 987654321 | 23,387 |
| 11 | qazwsxedc | 20,748 |
| 12 | qweasdzxc | 19,039 |
| 13 | 1234qwer | 18,434 |
| 14 | 12344321 | 17,488 |
| 15 | 111111 | 16,372 |
| 16 | 88888888 | 14,651 |
| 17 | 1qaz2wsx | 14,487 |
| 18 | 1234554321 | 14,262 |
| 19 | qwertyui | 14,187 |
| 20 | 123123 | 13,892 |
| 21 | 789456123 | 13,753 |
| 22 | 12345678910 | 13,568 |
| 23 | 00000000 | 13,548 |
| 24 | 123456789a | 12,828 |
| 25 | 1234567 | 12,582 |
| 26 | 87654321 | 12,333 |
| 27 | crossfire | 12,091 |
| 28 | 0987654321 | 11,841 |
| 29 | 123321 | 11,609 |
| 30 | asdfghjkl | 11,395 |
| 31 | qwerty | 11,284 |
| 32 | 1q2w3e4r5t6y | 11,021 |
| 33 | 123qweasdzxc | 10,757 |
| 34 | 147258369 | 10,112 |
| 35 | 123654789 | 9,542 |
| 36 | 12345qwert | 9,162 |
| 37 | 123456789q | 9,148 |
| 38 | qwer1234 | 8,965 |
| 39 | 12341234 | 8,588 |
| 40 | qwerty123 | 8,563 |
| 41 | q1w2e3r4t5 | 8,185 |
| 42 | q1w2e3r4 | 8,183 |
| 43 | 1111111111 | 8,118 |
| 44 | 11223344 | 8,061 |
| 45 | 55555555 | 7,919 |
| 46 | 1qaz2wsx3edc | 7,652 |
| 47 | 741852963 | 7,427 |
| 48 | 123qweasd | 7,280 |
| 49 | 666666 | 7,263 |
| 50 | 1029384756 | 6,875 |