[BreachExchange] Hackers put up for sale the passports of more than 1.3 million Russians

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Aug 26 08:24:11 EDT 2021


https://www.ehackingnews.com/2021/08/hackers-put-up-for-sale-passports-of.html

The hackers posted an 809 GB archive with more than 1.3 million scans of
passports of Russian citizens, which were stolen as a result of hacking the
servers of the cosmetics company Oriflame, on the Cybercriminal Forum
RaidForums.

The company's website reports that on July 31 and August 1, it was
subjected to a series of cyberattacks, which led to unauthorized access to
the company's information systems. At the same time, Oriflame assured that
bank account numbers, phone numbers, passwords and commercial transactions
of users were not affected by the attack.

The company admits that not only customers from Russia, but also from other
CIS countries and Asia were affected. Oriflame has strengthened its
cybersecurity measures and is investigating the incident with the
participation of law enforcement agencies.

"Probably, the company refused to buy the data from the attackers, so now
they are being put into public access," adds Ashot Oganesyan, the founder
of the DLBI data leak intelligence service.

It is noted that earlier the seller posted on the Cybercriminal Forum scans
of documents of Oriflame clients in Georgia and Kazakhstan and claimed that
he has data of the participants of the system from 14 countries in his
hands.

Experts speculate that the hackers got it as a result of an attack using
vulnerabilities on a corporate site. The leak could have come from a backup
copy of the file storage.

A database of 1.3 million copies of passport scans on the black market
would cost hundreds of thousands of dollars. Fake documents can be used to
take out a microloan, register domains in the .ru zone, SIM cards or
wallets of payment systems.

Oriflame leak is not the first among the companies developing network
marketing. In 2020, the data of 19 million customers and employees of Avon,
including names, phone numbers, dates of birth, e-mail and addresses,
became publicly available.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210826/c0d570cb/attachment.html>


More information about the BreachExchange mailing list