A hacker using the alias ‘Hikkl-Chan’ has leaked personal information, such as names, email addresses, country and city of residence, and links to profile pictures, of over 390 million VK or VKontakte users, Russia’s largest social networking platform.
This could lead to identity theft, phishing scams, and other cyber security issues. According to the hacker, the data was compromised in September 2024 and includes up-to-date information. Interestingly, VK is also one of the projects of Pavel Durov, the founder of Telegram, who is currently under arrest in France.
VK has become a vital online hub, often compared to Facebook’s widespread use and influence in East European countries.
Researchers have found that the leaked data, totalling over 27 GB, doesn’t contain passwords or phone numbers. The data is mostly in Russian, and given the current geopolitical scenario, it could be misused by some state-sponsored actors.
Hikkl-Chan clarified to Hackread that VK itself was not directly breached. Instead, the hacker described the incident as a “second-order” breach. This means the data was obtained through a third-party compromise that exposed VK user information.
This data acquisition method is particularly concerning, as it highlights the vulnerabilities that can arise from interconnected systems and third-party services.
This isn’t the first time VK has been compromised. In 2016, about 100 million VK accounts were compromised and leaked on the dark web. However, the magnitude of the present leak far exceeds the previous one.
Hikkl-Chan first appeared on the hacking forum in March 2024 and has since been linked to several major data leaks. These include breaches involving the United States Department of Defense, the Israeli police, and the Kavim public transportation company, the sale of 80 million Turkish citizens’ records, and the leak of data from the Florida Office of Financial Regulation.
The hacker, under Operation Priser, has also infiltrated U.S. government servers and networks.
In the News: South Korea probes Telegram’s role in deepfake scandal