Data of Almost 87,000 Metropolis Mall Customers Leaked Online
A database containing information on users of the Metropolis shopping center’s mobile apps (iOS and Android)—one of the largest malls in Moscow—has been found publicly available on a dark web forum. The data dump includes details on 86,883 customers as of February 18, 2022.
How the Leak Happened
According to the Telegram channel “Information Leaks,” a forum member initially tried to sell information about a vulnerability that provided access to Metropolis’s customer database for 300 Monero (over $52,000 at the time). Since there were apparently no buyers, the seller decided to create an SQL dump and release it publicly.
What Information Was Exposed?
The leaked records include the following data:
- User name
- Phone number
- Email address
- Hashed (bcrypt) password
- Bonus points balance
- Account creation and update dates (from July 12, 2018 to February 18, 2022)
- Links to social media profiles on VKontakte, FacebookFacebook launched an official Tor mirror in 2014, becoming the first major tech company to provide direct access through onion routing. The mirror allows users to bypass censorship, secure their connections, and avoid phishing risks while using the platform. This step also underscored Facebook’s recognition of free expression and inspired other outlets like the BBC and ProPublica to create their own Tor versions. More, and Instagram