Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
VK.com

VK.com Vendor Cyber Rating & Cyber Score

vk.com

- VK is one of the most visited platforms on the Russian internet. We create products that we, our friends, family and 97 million other people use every day. We believe that it’s important to share our experience, support talented specialists and develop IT education in Russia. - VK’s mission is to connect people, services and companies by creating simple and convenient communication tools. - We set and achieve ambitious goals. We demand a lot of ourselves since the result of our work is used by our friends, family and millions of others. Every day brings new challenges, and we welcome these because they help us grow. - We create products that we're proud of. It's not easy, but that's what makes it interesting. We're always on the


VK.com A.I CyberSecurity Scoring

VK.com
Company Information
Website:http://vk.com
Employees number:647
Number of followers:0
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:vk.com
VK.com Risk Score (AI oriented)
Between 750 and 799
logo
VK.comTechnology, Information and Internet
Updated:
03/04/2026
798/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
VK.com Global Score (TPRM)
xxxx
logo
VK.comTechnology, Information and Internet
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

VK.com
VK.comFair
Current Score
798Baa (FAIR)
01000
1 incidents
-49 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
800Before Incident
JUNE 2026
800Before Incident
MAY 2026
798Before Incident
APRIL 2026
798Before Incident
MARCH 2026
798Before Incident
FEBRUARY 2026
797Before Incident
JANUARY 2026
845Before Incident
Breach
13 Jan 2026VK.com
VK: Hacker Claims Full Breach of Russia’s Max Messenger, Threatens Public Leak

Max Messenger Data Breach by CamelliaBtw

796After Incident
CRITICAL-49
VKC1768408393
Max Messenger Suffers Major Data Breach: Hacker Claims Full Infrastructure Compromise A hacker operating under the alias CamelliaBtw has claimed responsibility for a severe data breach targeting Max Messenger, a state-backed Russian messaging platform. The breach, announced on the DarkForums cybercrime marketplace, alleges a complete compromise of the app’s production systems, user data, and backend infrastructure exactly one year after its public launch on March 26, 2025. About Max Messenger Developed by VK’s subsidiary Communication Platform LLC, Max Messenger was introduced as a "national" alternative to platforms like WhatsApp and Telegram, integrating messaging, voice/video calls, file sharing, and government-linked digital identity services. Pre-installed on devices in Russia and Belarus under government policy, the app has amassed millions of users. Critics have long raised concerns over its privacy implications, given its deep ties to Russia’s digital infrastructure. Breach Details According to the hacker’s post, the attack exploited an unpatched remote code execution (RCE) vulnerability in Max’s media processing engine, present since the app’s 2025 beta phase. The flaw, triggered by malformed sticker pack metadata, allowed persistent access to the platform’s backend. The stolen data totaling 142 GB includes: - 15.4 million user records (full names, usernames, verified phone numbers) - Active authentication tokens (capable of bypassing 2FA) - Bcrypt-hashed passwords - Complete metadata (timestamps, sender/receiver IDs) - Internal assets (SSH keys, API docs, S3 bucket configs) - Unencrypted media files - Backend source code, including alleged hardcoded backdoors in the encryption module Extortion Threat CamelliaBtw claims to have privately notified Max Messenger’s developers but received no response. The hacker has issued a 24-hour ultimatum, demanding a financial settlement labeled a "bug bounty." Failure to comply would result in the release of 5 GB of raw SQL data across public torrent trackers. The post highlights verified accounts belonging to politicians and corporate executives as potential targets. Current Status As of now, Max Messenger has not confirmed or denied the breach, and no sample data has been publicly verified. Cybersecurity experts note the technical specificity of the claims suggests credibility, though the incident remains unconfirmed. If validated, this would rank among the most severe messaging platform breaches in recent years, with significant implications for user privacy and trust in encrypted services.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Extortion (financial settlement described as a 'bug bounty')
IMPACT
Data Compromised: 142 GB of compressed data, including user records, authentication tokens, hashed passwords, communication metadata, internal infrastructure assets, and backend source codeSystems Affected: Max Messenger’s production systems, backend infrastructure, and cloud storageOperational Impact: Potential compromise of user accounts, loss of trust in platform security, and exposure of sensitive communication metadataBrand Reputation Impact: Severe, given the platform’s integration with government services and digital identity featuresLegal Liabilities: Potential regulatory violations and legal actions due to exposure of user data and government-related communicationsIdentity Theft Risk: High, due to exposure of full names, phone numbers, and authentication tokens
DATA BREACH
User records (full names, usernames, verified phone numbers)Authentication tokensBcrypt hashed passwordsCommunication metadataInternal infrastructure assets (SSH keys, API documentation, S3 bucket configurations)Unencrypted media filesBackend source codeNumber Of Records Exposed: 15.4 million user recordsSensitivity Of Data: High (includes personally identifiable information, authentication tokens, and government-related communications)Data Exfiltration: Yes (142 GB of compressed data)Data Encryption: Partial (hashed passwords, but unencrypted media files and metadata)SQL database filesMedia filesSource codeConfiguration filesPersonally Identifiable Information: Full names, usernames, verified phone numbers, authentication tokens
DECEMBER 2025
845Before Incident
NOVEMBER 2025
845Before Incident
OCTOBER 2025
845Before Incident
SEPTEMBER 2025
845Before Incident
AUGUST 2025
845Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for VK.com ?
?
What was VK.com's A.I Rankiteo Cyber Score in June 2026 ?
?
What was VK.com's A.I Rankiteo Cyber Score in May 2026 ?
?
What was VK.com's A.I Rankiteo Cyber Score in April 2026 ?
?
What was VK.com's A.I Rankiteo Cyber Score in March 2026 ?
?
What was VK.com's A.I Rankiteo Cyber Score in February 2026 ?
?
What was VK.com's A.I Rankiteo Cyber Score in January 2026 ?
?
What was VK.com's A.I Rankiteo Cyber Score in December 2025 ?
?
What was VK.com's A.I Rankiteo Cyber Score in November 2025 ?
?
What was VK.com's A.I Rankiteo Cyber Score in October 2025 ?
?
What was VK.com's A.I Rankiteo Cyber Score in September 2025 ?
?
What was VK.com's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on VK.com's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with VK.com ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view VK.com's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?