Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800.
According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019
Russian news publisher Kommersant called a small sample of the exposed individuals and confirmed that the stolen data is accurate, even if outdated in some cases.
The database contains the following details on Moscow car owners:
- Full names
- Dates of birth
- Phone numbers
- VIN codes
- License plate numbers
- Car brand and model
- Car year of registration
As a bonus to buys, the seller provides an additional file containing information collected in 2020, which stops when Russia moved from regional databases to a central storage system in the Federal Information System (FIS) of the State Traffic Safety Inspectorate.
The source of the data is not known
This matches the alleged source, which according to the database seller is an insider from the Moscow traffic police department.
The Moscow authorities have not commented on this scenario yet, and Russian analysts are divided on who is responsible for the breach.
Some experts believe the hackers exfiltrated the data by exploiting a vulnerability in the system’s software, while others are certain an insider caused the leak.
Alexei Parfentiev, head of the analytics department at SerchInform, stated“The insider job looks more likely because the requirements of regulators on internal structures in the traffic police are less strict than those that concern protection from external attacks.”
An analyst at InfoWatch Group offers a different perspective, claiming that cyberattacks on car insurance companies are also a likely explanation, as all of the exposed details are found in these firms’ systems.
This is not the first or even the second time that hackers have leaked the data of millions of Moscow motorists on the dark web.
In August 2020, a similar albeit smaller (1 million records) pack was made available on hacking forums, selling for $1,500.
In May 2020, a threat actor offered another Russian car owners database for $2,800, or $14,000 if anyone paid extra for exclusive access to the data.
The most recent and more significant listing sells for less because it consists of mostly older data, and many of the details will be no longer valid and less usable by malicious actors.
However, this data can still be valuable to other threat actors as it allows them to conduct targeted phishing campaigns against the exposed individuals, leading to financial or credentials theft.