What happened
According to public breach records, the VK data breach on January 1, 2012 is reported to have exposed the personal information of 93,338,602 accounts.
In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed. The data emerged in June 2016 where it was being sold via a dark market website and included names, phone numbers email addresses and plain text passwords.
Passwords in this breach were reportedly stored in plaintext.
In June 2016, a trove of roughly 93-100 million VK (VKontakte, Russia's largest social network) account records dating to around January 2012 surfaced for sale on dark-web markets, offered by a hacker using the alias Peace for about 1 bitcoin. Each record contained a full name, email address, location, phone number, and a password stored as plaintext with no hashing, making the credentials immediately usable. The same seller was simultaneously circulating older mega-breaches from LinkedIn, MySpace, and Tumblr; VK characterized the data as old logins collected by fraudsters in 2011-2012 and urged users to reset passwords and enable two-factor authentication.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Names
- Passwords
- Phone numbers
Breach details
| Detail | Value |
|---|---|
| Breach name | VK |
| Date | January 1, 2012 |
| Accounts affected | 93,338,602 |
| Domain | vk.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by VK; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your VK password immediately and update it anywhere you reused it, since the leaked passwords were stored in plaintext.
- Enable two-factor authentication on VK and any account sharing the exposed email address.
- Be wary of phishing emails and SMS that reference your name, city, or phone number.
- Watch for login alerts on linked accounts in case of credential stuffing with the leaked pairs.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: VK Data Breach
- Over 100 Million VK.com Customer Records for Sale - Infosecurity Magazine
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →