Financial data & passport data of 12 million Russians for sale on the deep web

A new massive data breach has been revealed. According to recent reports, data from more than 12 million Russian citizens who applied for loans from financial institutions were illegally extracted and put up for sale on deep-web forums frequented by malicious hackers.

According to the vendors who published this information, the database contains information on 12 million people who obtained fast loans between 2017 and 2019. As a sample, the hackers posted the data of more than a thousand affected users, including details such as:

  • Full names
  • Date of birth
  • Email address
  • City of residence
  • Passport information, among other information

In addition, the record of each affected person contains a link to a website with information about financial services.

All indications are that data breaches occurred directly in the financial companies that provided the loans to the affected users. A cybersecurity firm took a sample of the leaked data and was able to verify that the information is real. A group of researchers even phoned some of the individuals whose data was in the sample published by the hackers. These users confirmed that they were customers of various financing companies.

The leak could be the result of a download from a database server that serves the financial markets information system. Using this dataset, however, it is not possible to determine in which company the leak occurred.

In general, a database can be obtained by hacking a server or from a database backup. It is possible that this data fell into the wrong hands accidentally or was stolen by internal personnel.

Due to the nature of the information stored in this database, users are exposed to multiple risks, from spear phishing campaigns to attempts at electronic fraud and identity theft. In addition, hackers could sell the information to other hackers, expanding the scope of the attack.

Multiple similar incidents have been reported recently. For example, on February 11th a hacker gained access to the networks of the financial firm Alpha Credit. The system involved was a MongoDB deployment that stored more than 44 million records, including full names and email addresses, among other confidential details.

According to experts, MongoDB databases are exposed due to configuration errors made by administrators, although the company has also made serious mistakes recently, which has drawn several complaints from the cybersecurity industry.