Massive VKontakte data breach: Personal info of 390 million users exposed

One of the hackers has revealed data from 390 million VKontakte (VK) users. How this data was obtained is unclear. However, the person behind the incident is known.

Hackread's analysis shows data from over 390 million users of the VKontakte service has been leaked online. This service is similar to Facebook and is popular in Russia and other Eastern countries. VKontakte is a platform created by Pavel Durov, who is also known for creating the Telegram app.

As reported by Hackread, it is not entirely clear how the hacker obtained the data. It may have resulted from a breach from an external company. However, experts now believe the data could have been obtained through social media scraping.

A hacker using the pseudonym Hikki-Chan shared the data. They made public the data of over 390 million users on the Breach Forums platform. The data package they gathered is substantial—it exceeds 29 GB.

The leaked data did not include phone numbers or passwords. However, it did include information such as city, country, full names, profile picture links, and email addresses. Although the amount of data obtained is significant, it is in Russian, which may hinder its use by other cyber criminals.

Authors from Hackread reportedly contacted the hacker. He stated that the data did not come from scraping and was not directly stolen from VK. Therefore, it was a "second-order" incident, meaning that VK was not directly breached, but the data was obtained through another breach that revealed VK data.

Although the hacker behind the attack has several successful large-scale actions in his portfolio, it is uncertain whether he is telling the truth. VKontakte denies the cybercriminal's scenario.

Representatives of VK responded to Hackread. In a statement, they said that there were no security breaches. All the data made public by the cybercriminal was available on publicly visible VK profiles.

Scraping is a technique for automatically extracting data from websites. This solution is not solely associated with cybercrime. Such techniques are also used for purposes such as analytics, price monitoring on given websites, competitor analysis, or checking user reviews. Unfortunately, this method can also collect a lot of data we share online. For this reason, it is worth considering how much we want to make public.