In September 2014, several large dumps of user accounts appeared on the
Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain. Whilst
unlikely to be the result of a direct attack against mail.ru, the credentials were confirmed by many as legitimate for other services they had subscribed to. Further data allegedly valid for mail.ru and containing email addresses and plain text passwords was added in January 2018 bringing to total to more than 16M records. The incident was also then flagged as "unverified", a concept that was
introduced after the initial data load in 2014.
Fields count statistics
Numbers may not be precise, a precision threshold of 100 is used to determine if a field is unique.
password.plain top values
Only the top 100 values are displayed in the chart.
Values with less than 100 occurrences are not displayed.