A database of 50 million records of Moscow drivers was put up for sale on a dark web marketplace last week.
The data broker is offering the database for $800 and says it contains information on drivers registered in Moscow and the surrounding region between 2006 and 2019. The buyer would receive a file that allegedly contains drivers’ records from 2020.
Kommersant, a Russian media outlet that received a sample of the database after contacting the seller, said it contains the following datasets:
· Full names and date of birth
· Phone numbers
· VIN codes
· License plate numbers
· Car brands and models
The news publisher confirmed the validity of the data after calling five car owners using contact information found in the provided sample. One of the individuals said that, while he was the initial owner of the car model, he managed to sell it.
What is the origin of the breached data? According to the data broker, an insider working for police in Moscow stole drivers’ records. Kommersant said it received no comment from Moscow authorities regarding this scenario.
Given the nature of the exposed details, the data could also have been exfiltrated from car insurance companies or via vulnerabilities found in the Federal Information System (FIS) software of the State Traffic Safety Inspectorate, which stores all data on registered cars and car owners.
Are car owners in Moscow at risk? Although customer records may lose their value as they age, malicious actors can still use old data in targeted social engineering attacks to steal sensitive information and defraud users. While there is no immediate threat of phishing attacks, a dedicated threat actor would take the time to pair the leaked data with additional records from additional data breaches. With a complete set of user data, cybercriminals can score big, deploying malicious and fraudulent attacks via email, text and instant chat messages on social media.
Car owners in Moscow should watch out for unsolicited communication that leverages the exposed vehicle information.
Data breaches and leaks happen daily. Check out Bitdefender’s Digital Identity Protection service to check if your personal data has been exposed online. The dedicated online privacy tool helps you take control of your digital footprint to minimize risks associated with data breaches and leaks. You can analyze the exposed data to better understand your chances of falling victim to scammers and take more privacy-focused decisions for all your future digital activities.