Hacker ‘HikkI-Chan’ leaks personal data of over 390 million VK users on Breach Forums, including city, country, full names, and profile image URLs. Hackread.com investigates this massive privacy breach.
A hacker using the alias “HikkI-Chan” has leaked the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums.
The hacker claims that the breach occurred in September 2024 and that the data is up to date. For your information, VK, or VK.com, is a popular social networking service based in Russia. The site functions similarly to Facebook and is one of the largest social media platforms in Russia and other Eastern European countries.
VK.com was founded by Pavel Durov in 2006. Durov, a Russian entrepreneur, later co-founded the messaging service Telegram and was arrested in France last week over accusations related to Telegram moderation.
The Breach!
The Hackread.com research team can confirm that the data is huge, amounting to over 27 GB in size. An in-depth analysis of the database reveals that the leaked information does not contain phone numbers or passwords. However, it does include the following details:
- City
- Country
- Full names
- URL links to user profile images
- Email addresses (total number unknown)
While the leaked information is quite significant, it is in the Russian language, which could make it difficult for other threat actors to utilize. The URL links to VK user profile images belong to userapi.com, a domain associated with the VK application.
A Second-Order Data Breach
In an exclusive conversation with Hackread.com, the hacker confirmed that VK was not directly breached, nor were their servers accessed. The hacker also dismissed rumours that the data was scraped.
According to the hacker, the incident was a “second-order” breach, which refers to a scenario where data compromised in one breach is used to facilitate another, often larger breach.
“The data in question is from a second-order breach. It wasn’t sourced directly from VK but rather obtained through a third-party breach that exposed VK data,” the hacker told Hackread.com.
However, this is not the first time VK has suffered a data breach. In June 2016, Hackread.com reported on a hacker who was selling 100 million VK accounts for 0.1 BTC (583.42 US Dollars at that time) on the dark web.
HikkI-Chan
Although a relatively new user on Breach Forums, their activity can be traced back to March 15, 2024, when they claimed their first hack, which was related to the U.S. Department of Defense (US DoD).
The same hacker has claimed responsibility for targeting the Israeli police and the Israeli public transportation company Kavim. Before the VK data leak, the hacker was selling Turkish citizenship data, which included personal and PII information of over 80 million Turks, the total population of Turkey.
Two other notable alleged hacks by the hacker include the Florida Office of Financial Regulation, where 8,639,326 records were leaked last week, and a highly sensitive yet alleged data leak involving FBI files, which they dubbed “Operation Priser.”
Although there is no information online about Operation Priser, the hacker describes it as “an operation that involved deep infiltration into government networks, leading to the extraction of highly sensitive information.”
Additionally, while sharing limited information about the operation, the hacker claims that the leaked files include “Terrorism Fighting Data, White House Mailing List, FBI Top Employees (Name, Role, Location), Federal Jobs Listing, FBI Employees’ Images, and much more.”
Hackread.com has reached out to VK for comment.
UPDATE – 18:21 Tuesday, 3 September 2024 (GMT)
VK has responded to Hackread.com and, after investigating the matter, the company maintains that there was no data breach at VK. They state that the data in question was collected from publicly available sources.
“We can confirm that there have been no security breaches of any kind, including those involving personal information. VK user data is securely protected, and the content in question was collected solely from publicly available sources. This information does not contain any confidential data but consists of details that our users have voluntarily shared on their profiles.”
VK Spokesperson
Nevertheless, the data leak still poses a privacy threat to unsuspecting users across Russia and Eastern Europe, as cybercriminals can use profile images and names to create fake profiles. Meanwhile, state-backed hackers are always seeking such data for malicious purposes.
RELATED TOPICS
- Hackers Leak 1.4 Billion Tencent User Accounts Online
- 3 Billion National Public Data Records with SSNs Dumped Online
- FBI’s Security Platform InfraGard Hacked; 87k Members’ Data Sold
- Data Leak Exposes 1.5B Real Estate Records, Including Kylie Jenner
- 57,000 Kaspersky Fan Club Forum User Data Leaked in Hosting Breach
