mail.ru Dump
What was exposed
Email addressesPasswords
What to do if you were affected
- Change your password for this account, and anywhere you reused it. Turn on two-factor authentication.
- Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
Details
In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain. Whilst unlikely to be the result of a direct attack against mail.ru , the credentials were confirmed by many as legitimate for other services they had subscribed to. Further data allegedly valid for mail.ru and containing email addresses and plain text passwords was added in January 2018 bringing to total to more than 16M records. The incident was also then flagged as "unverified", a concept that was introduced after the initial data load in 2014 .
Frequently asked questions
What is the mail.ru Dump data breach?
In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain. Whilst unlikely to be the result of a direct attack against...
When did the data breach happen?
This data breach occurred around September 2014.
How many accounts were affected?
Around 16,630,988 accounts were affected.
What information was exposed?
Exposed data included Email addresses and Passwords.
What should I do if I was affected?
Change your password for this account, and anywhere you reused it. Turn on two-factor authentication. Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
Related breaches