Russian email dating site mail ru

Regardless of where the passwords came from, both and Yandex state that only a small percentage of the accounts in the list might have worked.

Independent reports state that the passwords are old and probably not even for valid or Yandex accounts. If your or password has not changed recently, now is a good time to change it.

One forum alone accounted for almost half of the breached data -- a little under 13 million records; the other two forums make up over 12 million records.

The databases were stolen in early August, according to breach notification site LeakedSource.com, which obtained a copy of the databases.

Stored cross-site scripting is an XSS type in which a successfully injected payload is stored permanently in the application’s database and retrieved whenever a user calls up a vulnerable page that loads this stored payload.

Used by many email clients including Novell GroupWise, Microsoft Outlook Express, Lotus Notes, Windows Mail, Mozilla Thunderbird, and Postbox.

files contain the email contents as plain text in MIME format, containing the email header and body, including attachments in one or more of several formats. is parsing files and fetching the “subject” automatically, then reflecting it in the email subject without sanitizing, filtering or validating it for malicious content, which was the root cause of our stored XSS.

Some of the forums allowed the hackers to also obtain IP addresses, which could be used to determine location, and phone numbers.

This is the latest hack in a long line of similar attacks on out-of-date and unpatched forums with widely known and glaring security flaws.

holds 100% of shares of Russia’s most popular social network VKontakte and minority stakes in Qiwi, formerly OE Investments (15.04%). It also operates two instant messaging networks (Mail.

So to reproduce this behavior, we simply created a new eml file, “test.eml”, edited this file and included a simple XSS payload, i.e. “subject : ”, then saved the file. After that we navigated to “ru” (the mobile version of mail.ru), created a new mail, uploaded the eml file and hit “send”. Once a victim receives our malicious message and opens it, they will find this lovely and cute popup alert box with the word “XSS” inside it, which means that the script has been executed and the XSS has occurred.

Think twice before going public and let us protect your business!
