Moscow Car Owners’ Data Leaked on the Darknet

By Riley ThompsonTechnology News

Massive Data Leak of Moscow Car Owners Hits the Darknet

Recently, cybercriminals put up for sale a database containing 50 million records of drivers registered in Moscow and the Moscow region from 2006 to 2019. According to reports, the database includes names, dates of birth, phone numbers, VIN codes, license plate numbers, car makes and models, and the year the vehicle was registered. As a bonus, the archive also contains a file with information from 2020. The asking price for the archive is $800,000.

The seller, who spoke with the press, claims to have received the information from an insider at the State Traffic Safety Inspectorate (GIBDD). However, some experts believe the leak could have occurred at the level of regional information systems that are integrated with GIBDD databases for issuing parking violation fines.

The cybercriminal provided a sample of the database records. Journalists contacted five people from the sample, all of whom responded to their full names. One confirmed that they had owned the specified vehicle but had since sold it. The others declined to comment.

Source of the Leak in Question

According to data leak intelligence and darknet monitoring company DLBI, the composition of the leaked data suggests it is not a direct export from the GIBDD system, but more likely from insurance company databases. The “Blue Buckets” movement also believes the leak did not come from GIBDD, as their security systems do not allow mass data exports.

Petr Shkumatov, coordinator of the movement, notes that cybercriminals often find vulnerabilities in agencies whose information systems are integrated with GIBDD databases. “These could be, for example, municipal authorities in various regional cities that were recently granted the right to fine drivers for illegal parking,” he explained. These organizations often have lower information security standards, the expert added.

Not the First Data Leak

This is not the first time car owners’ data has been leaked. In May 2020, a similar database was discovered on a darknet forum. Personal data of both individuals and legal entities remains in high demand among cybercriminals.

  • Our other channels
  • Our friends and partners

Leave a Reply