Mail.ru
  • Total Records4,664,478
  • Unique Emails4,445,256
  • Unique Passwords2,726,352

Mail.ru Breach Exposed 4.6 Million Email Addresses in September 2014

In September 2014, Mail.ru—one of Russia's most prominent email and internet service providers—found itself at the center of a major data breach event. Around 4.6 million email addresses, each ending with the mail.ru domain, and their associated passwords were leaked publicly on the Russian Bitcoin Security Forum. Although it's unlikely that Mail.ru itself was directly compromised, many users confirmed that the credentials listed matched those used across other services. This incident stands as one of the more significant breaches in the Russian digital landscape, highlighting the pervasive risk of password reuse and the challenges of securing large-scale user databases.

What Happened in the Mail.ru Breach?

The Mail.ru breach occurred when a vast trove of credentials—email addresses and passwords—surfaced on an underground Russian forum in early September 2014. The data contained a total of 4,664,479 records, all tied to the mail.ru domain. Investigations suggested that while the credentials were valid for Mail.ru email addresses, their origins were likely from compromised third-party services or instances of reused passwords, as opposed to a direct hack of Mail.ru's infrastructure.

What Data Was Exposed?

The compromised dataset included the following information:

  • Email addresses (all under the mail.ru domain)
  • Passwords

No other sensitive details, such as names, addresses, or payment information, were part of this particular leak.

How Many Users Were Impacted?

Approximately 4,664,479 unique combinations of mail.ru email addresses and passwords were exposed in this breach. Given the widespread use of Mail.ru within Russia and surrounding regions, the leak affected a significant portion of the service's user base, as well as users who relied on their Mail.ru credentials for access to other online platforms.

Timeline of the Mail.ru Breach

  • September 2014: Nearly 4.7 million email addresses and passwords connected to Mail.ru appear on the Russian Bitcoin Security Forum for public download.
  • Shortly after leak: Security researchers, users, and media verify samples from the data set, confirming that many credentials work on various third-party services.

The precise date when the credentials were harvested remains unclear, but the data first emerged on public hacking forums in September 2014.

Frequently Asked Questions

What kind of data was leaked in the Mail.ru breach?

The Mail.ru breach exposed email addresses and their corresponding passwords. There were no other types of data included in this leak.

How many users were affected by the Mail.ru data breach?

A total of 4,664,479 combinations of mail.ru email addresses and passwords were leaked online, impacting a large number of users of the Russian mail service.

When did the Mail.ru breach happen?

The Mail.ru breach was discovered in September 2014, when the dataset containing millions of credentials was published on a Russian forum.

How can I check if I'm in the Mail.ru breach?

You can check if your information was part of the Mail.ru breach by utilizing the DeHashed search engine.