Cyber Crime

Records with data on 129 million Russian car owners sold on dark web

These records contain personal data including passport numbers and contact details of car owners in Moscow.

Another day, another data breach – This time, sensitive data of 129 million car owners located in Moscow, Russia is available for sale on the dark web. The data is available for sale in two tiers:

  1. Pay 0.5 Bitcoins which equate to about $4800 and get access to the entire database.
  2. Pay 1.5 Bitcoins which equate to about $14400 and get certain exclusive access, not available in the normal sales.

To make sure that potential buyers can trust these cybercriminals, they have made a public set of 83 files containing only the car’s brand name, model, registration location & dates.

Exclusive: Hacker Selling Quarter Million State of Louisiana Drivers’ Licence Database

Further, the authenticity of the records has been confirmed by Vedomosti, a Russian business daily, who spoke to an employee of one such car-sharing company whose data was found as a part of the database.




 

According to a report by a local media agency, these records include:

  • Full names
  • Email addresses
  • Passport numbers
  • Date of Births
  • Contact information
  • The car’s brand & model
  • Place & date of registration
  • The Tax Identification Number (TIN) of those on whose name the car is registered.

Talking about their origin, these records are allegedly believed to have been stolen from the registry of the traffic police. This is precisely why certain confidential details such as passport numbers have been leaked as Moscow’s police includes such records when it slaps a fine on someone.

Screenshot of the data sold on dark web marketplace (Source: Nora the Hedgehog)

These fines can number into the thousands for such a huge city making potential losses limitless. As an example, according to Kommersant, a Russian media outlet, 35000 fines were made since May 10.




 

To conclude, we believe that even though the Russian police may have implemented some security measures, it needs to ramp up both its cybersecurity and stop the collection of highly confidential information which is easily accessible through a mere ticket number.

For the future, it is yet to be seen what implication will this have but suffice to say, such data can be used to not only aid in the physical robbery of vehicles but also target the owners in the cyberworld using techniques like spearphishing campaigns.

To Top

Pin It on Pinterest

Share This