[BreachExchange] Hacker sells the data for millions of Moscow drivers for $800

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Oct 25 10:12:01 EDT 2021


https://www.bleepingcomputer.com/news/security/hacker-sells-the-data-for-millions-of-moscow-drivers-for-800/

Hackers are selling a stolen database containing 50 million records of
Moscow driver data on an underground forum for only $800.

According to Russian media outlets that purchased the database, the data
appears to be valid and contains records collected between 2006 and 2019.

Russian news publisher Kommersant called a small sample of the exposed
individuals and confirmed that the stolen data is accurate, even if
outdated in some cases.

The database contains the following details on Moscow car owners:

Full names
Dates of birth
Phone numbers
VIN codes
License plate numbers
Car brand and model
Car year of registration

As a bonus to buyers, the seller provides an additional file containing
information collected in 2020, which stops when Russia moved from regional
databases to a central storage system in the Federal Information System
(FIS) of the State Traffic Safety Inspectorate.

The source of the data is not known

This matches the alleged source, which according to the database seller is
an insider from the Moscow traffic police department.

The Moscow authorities have not commented on this scenario yet, and Russian
analysts are divided on who is responsible for the breach.

Some experts believe the hackers exfiltrated the data by exploiting a
vulnerability in the system's software, while others are certain an insider
caused the leak.

Alexei Parfentiev, head of the analytics department at SearchInform,
stated: “The insider job looks more likely because the requirements of
regulators on internal structures in the traffic police are less strict
than those that concern protection from external attacks.”

An analyst at InfoWatch Group offers a different perspective, claiming that
cyberattacks on car insurance companies are also a likely explanation, as
all of the exposed details are found in these firms' systems.

This is not the first or even the second time that hackers have leaked the
data of millions of Moscow motorists on the dark web.

In August 2020, a similar albeit smaller (1 million records) pack was made
available on hacking forums, selling for $1,500.

In May 2020, a threat actor offered another Russian car owners database for
$2,800, or $14,000 if anyone paid extra for exclusive access to the data.

The most recent and more significant listing sells for less because it
consists of mostly older data, and many of the details will no longer be
valid and will be less usable by malicious actors.

However, this data can still be valuable to other threat actors as it
allows them to conduct targeted phishing campaigns against the exposed
individuals, leading to financial or credentials theft.