Share this article on:
A hacker has released limited personal details of a vast number of users of a popular Russian app founded by arrested Telegram founder Pavel Durov.
A hacker is claiming to have shared the details of 390,425,719 users of the popular Russian social networking app VK.
Going by the name of HikkI-Chan, the hacker has posted the data for sale on a popular clear web hack forum for eight site credits, roughly equivalent to a few dollars.
“Today I have uploaded the VK Database for you to download. Thanks for reading and enjoy,” HikkI-Chan said in a 2 September post.
“In September 2024, VK (VKontakte), one of the largest social networking platforms in Russia, suffered a massive data breach. This breach exposed the personal information of hundreds of millions of users, including basic identification and location details.”
The data includes user IDs, full names, gender, users’ country and city, and a link to their profile image.
The apparent hacker included a list of sample data in a follow-up post in the thread, and while the data certainly appears genuine, the user and location names are all recorded in Cyrillic.
Other forum members disputed that HikkI-Chan was responsible for a data breach, but the hacker backed up his claims and even spoke to media outlet Hackread.com about the breach.
“The data in question is from a second-order breach,” the hacker said.
“It wasn’t sourced directly from VK but rather obtained through a third-party breach that exposed VK data.”
However, a spokesperson for VK has denied any such breach occurred.
"We can confirm that there have been no security breaches of any kind, including those involving personal information," VK told Cyber Daily.
"VK user data is securely protected, and the content in question was collected solely from publicly available sources. This information does not contain any confidential data, but consists of details that our users have voluntarily shared on their profiles."
VK – founded by Telegram founder Pavel Durov, his brother Nikolai, Vyacheslav Mirilashvili, and Lev Leviev in St Petersburg in 2006 – has quite the history of data leaks impacting its users.
Since 2021, various threat actors have scraped and leaked data from the platform at least a dozen times. It’s also a frequent target of distributed denial-of-service (DDoS) attacks.
VK’s website said it currently has 100 million active users who share up to 15 billion messages each day. The social media platform is available in 82 languages.
The threat actor, HikkI-Chan, has made several posts on the hacking forum this year, sharing data breached from victims such as the Ministry of Internal Affairs of the Russian Federation and the Florida Department of Transportation.
UPDATED 04/09/24 to add commentary from VK.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.