Following the recent cyber-attacks on Mail.Ru Group, which resulted in 25 million registered users having their personal details stolen, the next target of hacker attacks was Russian search engine and one of the biggest Russian web portals, Rambler.
According to a recent statement on Leakedsource.com, Rambler's database of nearly 100 million users was illegally accessed and details stolen back in February 2012, as a result of a hacker attack.
According to Leakedsource.com, this earlier leak may still pose a serious threat to the privacy of these users.
In a statement to SCMagazineUK.com, Sofia Ivanova, an official spokesman of Rambler & Co, said that this leakage will not be a problem for users of the company.
According to Ivanova, the company conducted an investigation, and found the database appearing in free access for the first time since 2014, compromising approximately four million active users of the company.
Ivanova has also added the remaining affected users had used simple passwords (being a combination of "123456," or similar), which were cracked by hackers with using brute-force. She has not ruled out the possibility that some users can re-enter old passwords after a forced password change by the company.
In the meantime, a spokesman of the ‘K' department of the Russian Ministry of Internal Affairs (specialising in the fight against cyber-crimes), told SC that similar to Mail.ru, Rambler is trying to put a brave face on the breach, noting how companies will often do everything possible to minimise publicity about breaches, as such incidents are great reputational risks for the company and may result in the loss of users from its web services and thus reduced revenues.
The same view is shared by Sergey Sokolov, deputy editor of Kiberbezopasnost Magazine, one of Russia's leading IT security publications, who told SC that in recent years social networks and internet companies have become one of the major targets of hacker attacks. He noted that in their pursuit of new users, these companies often pay insufficient attention to cyber-security.