Personal Data of One Million Moscow Drivers Found for Sale Online

According to the publication “Kommersant,” at the end of July 2020, personal data belonging to approximately one million drivers from Moscow and the Moscow region appeared for sale on unnamed hacker forums specializing in database sales and information leaks. The leaked dump includes car registration dates, license plate numbers, makes, models, years of manufacture, owners’ full names, phone numbers, birth dates, registration region information, VIN numbers, and the series and numbers of registration certificates and vehicle passports. The data is current as of the end of 2019. The starting price for the database is $1,500 USD.

Photo: Telegram channel DataLeak

Ashot Oganesyan, founder of DeviceLock, noted on his Telegram channel that he had written about this database multiple times last year. He reminded readers that this data has long been sold on the black market, with the price for one month’s access ranging from 3,500 to 10,000 rubles. Oganesyan also believes that, judging by the nature of the data, the database likely belonged to an insurance company rather than the traffic police (GIBDD). “Based on the combination of car data, owner information, and mobile phone numbers, the database was created for selling insurance policies,” Oganesyan said.

Pavel Myasoedov, partner and director at the company “Intellectual Reserve,” told Kommersant journalists that a single entry in a similar archive costs between 6 and 300 rubles, depending on the amount of data included. A full leak of this kind could be worth about 1 bitcoin (over $11,000 at the current exchange rate). He noted that such a database could attract car thieves and scammers who use social engineering tactics.

“A victim might reveal passwords, contact details, card information, and the car’s location, believing they are speaking with a traffic police or bank employee. Information about a car’s location is valuable to those who want to steal a specific model or create a duplicate car with identical numbers for criminal purposes,” Myasoedov explained.

Kommersant also reported that the State Duma is considering tougher penalties for distributing such information. “Leaks from the Ministry of Internal Affairs happen regularly. This points, on one hand, to a low level of information security, and on the other, to high levels of corruption. My colleagues and I are working on changes to existing laws regarding the illegal use of such materials. Those who buy these databases need to understand that they are committing a crime, which begins the moment they download such databases,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy, in an interview with journalists.