General NewsMassive VKontakte data breach: Personal info of 390 million users exposed

Massive VKontakte data breach: Personal info of 390 million users exposed

One of the hackers has revealed data from 390 million VKontakte (VK) users. How this data was obtained is unclear. However, the person behind the incident is known.

User data leaked from VKontakte
User data leaked from VKontakte
Images source: © Pixabay

4:24 PM EDT, September 5, 2024

Hackread's analysis shows data from over 390 million users of the VKontakte service has been leaked online. This service is similar to Facebook and is popular in Russia and other Eastern countries. VKontakte is a platform created by Pavel Durov, who is also known for creating the Telegram app.

As reported by Hackread, it is not entirely clear how the hacker obtained the data. It may have resulted from a breach from an external company. However, experts now believe the data could have been obtained through social media scraping.

A hacker using the pseudonym Hikki-Chan shared the data. They made public the data of over 390 million users on the Breach Forums platform. The data package they gathered is substantial—it exceeds 29 GB.

Huge leak from VKontakte

The leaked data did not include phone numbers or passwords. However, it did include information such as city, country, full names, profile picture links, and email addresses. Although the amount of data obtained is significant, it is in Russian, which may hinder its use by other cyber criminals.

Authors from Hackread reportedly contacted the hacker. He stated that the data did not come from scraping and was not directly stolen from VK. Therefore, it was a "second-order" incident, meaning that VK was not directly breached, but the data was obtained through another breach that revealed VK data.

Data from scraping?

Although the hacker behind the attack has several successful large-scale actions in his portfolio, it is uncertain whether he is telling the truth. VKontakte denies the cybercriminal's scenario.

Representatives of VK responded to Hackread. In a statement, they said that there were no security breaches. All the data made public by the cybercriminal was available on publicly visible VK profiles.

Scraping is a technique for automatically extracting data from websites. This solution is not solely associated with cybercrime. Such techniques are also used for purposes such as analytics, price monitoring on given websites, competitor analysis, or checking user reviews. Unfortunately, this method can also collect a lot of data we share online. For this reason, it is worth considering how much we want to make public.

Related content
© conflictwatcher.com
·About us
·Terms of service
·Contact us
·Privacy policy
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.