The mega breaches keep coming with a reported data leak of 33 million accounts for the QIP.RU Russian instant messaging service. What's worse, like the recent Rambler.ru mega breach, the QIP.RU passwords were stored in plain text rather than being encrypted.

Heroic, a provider of hacker and threat protection services for home users, says it was given the leaked data by a hacker who goes by the alias Daykalif. The leak contains a total of 33,380,559 records that include email addresses, usernames, passwords, and other related fields dating from 2009-2011.

As all of the passwords were stored in plain text, whoever accessed the database had full access to the passwords without needing to run cracking software on them. This is inexcusable, and no company should ever store passwords without first encrypting them.

What's just as inexcusable are the weak passwords people are using. According to analysis performed by Heroic, the most common domain name in this breach is mail.ru with 9,767,726 accounts, followed by yandex.ru with 2,493,541 accounts.  The most common passwords in the breach are:

Password     Total
123456       607156
123123       148642
111111       147106
123456789    118804
12345678     98830
qwerty       74499
1234567      73053
666666       65124
0            64887
123321       60133

It truly is baffling to me that people would ever use passwords like 123456, 123123, or all ones!

These breaches are becoming more and more common while security takes the back seat. Companies need to wake up and take their users' security and privacy seriously before it gets worse. Users need to start using better and unique passwords at the sites they visit. If better corporate security met user education, the web would be a much safer place.