Russian internet giant Rambler.ru hacked, leaking 98 million accounts

The internet big did not deny that it hold on passwords in unencrypted plaintext, however it prompt that its secret security policies ar way stronger currently.

Russian net portal and email supplier Rambler.ru has become the newest victim in an exceedingly growing list of historical hacks.
Breach notification website LeakedSource.com, that obtained a duplicate of an interior client information, aforementioned the attack dates back to Feb. 17, 2012.
More than ninety eight.1 million accounts were within the information, as well as usernames, email addresses, social account knowledge, and passwords, the cluster aforementioned in an exceedingly diary post. not like different major breaches, those passwords were hold on in unencrypted plaintext, that means anyone at the corporate may simply see passwords.
The last time a breach on this scale was found victimization plaintext secret storage was Russian social networking website VK.com, that saw 171 million accounts taken within the breach.
Rambler.ru currently joins the hacked ranks of LinkedIn and Last.fm in 2012, also as MySpace and Tumblr in 2013.
LeakedSource aforementioned it had verified the breach, and it's value-added the cache into its searchable information.
Rambler.ru is one amongst the biggest websites within the world, and one amongst the foremost visited in Russia. supported in 1996, the corporate provides search, news, email, and advertising, creating it a powerhouse of the Russian net. the corporate competes with Yandex, also like Mail.ru (also owns VK.com), that created headlines for a second time this year for suffering at the hands of hackers.
After a varied back and forth with Rambler.ru Chief info Officer Ilya Zuev, the corporate issued the subsequent response:
"We comprehend that information. it absolutely was leaked March 2014 and contained a lot of accounts. Right once the accident we tend to forced our users to vary their passwords. these days [a] state of affairs like that's not possible. we tend to don't store passwords in plain text, all knowledge is encrypted (passwords hashed), we've got value-added mobile verification possibility and perpetually prompt our users concerning the requirement of adjusting passwords."

The company added: "We even have impermissible [the use of] antecedently used passwords for an equivalent account."