Massive VK data leak: Hacker exposes information of 390 million users

One of the hackers has disclosed data from 390 million users of the VKontakte (VK) service. How this data was obtained is unclear. However, the person behind the incident is known.

Hackread's analysis shows that data from over 390 million users of the VKontakte service have been leaked online. This service, similar to Facebook, is popular in Russia and other Eastern countries. Pavel Durov, who is also known for creating the Telegram app, created VKontakte.

As reported by Hackread, it is not entirely clear how the hacker obtained the data. It may have resulted from a breach from an external company. However, experts now believe the data could have been obtained through social media scraping.

A hacker using the pseudonym Hikki-Chan shared the data. He made public the data of over 390 million users on the Breach Forums platform. The data package he gathered is substantial—it exceeds 31 gigabytes.

The leaked data did not include phone numbers or passwords. However, it did include information such as city, country, full names, profile picture links, and email addresses. Although the amount of data obtained is significant, it is in Russian, which may hinder its use by other cyber criminals.

Authors from Hackread reportedly contacted the hacker. He stated that the data did not come from scraping and was not directly stolen from VK. Therefore, it was a "second-order" incident, meaning that VK was not directly breached, but the data was obtained through another breach that revealed VK data.

Although the hacker behind the attack has several successful large-scale actions in his portfolio, it is uncertain whether he is telling the truth. VKontakte denies the cybercriminal's scenario.

Representatives of VK responded to Hackread. In a statement, they said that there were no security breaches. All the data made public by the cybercriminal was available on publicly visible VK profiles.

Scraping is a technique for automatically extracting data from websites. This solution is not solely associated with cybercrime. Such techniques are also used for purposes such as analytics, price monitoring on given websites, competitor analysis, or checking user reviews. Unfortunately, this method can also collect a lot of data we share online. For this reason, it is worth considering how much we want to make public.