Hacked Vehicle Owner Database For Sale

A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum. The seller leaked some data for potential buyers to verify its accuracy. This is anonymised and contains all the car details present in the traffic police registry the vendor claims.

The web forum also pointed out that multiple portals where people can pay these fines are leaking their full names and passport numbers by simply inputting the unique registration number of the ticket.

While the samples made public by the hacker includes vehicle details such as make and model, date of registration and place of registration, buyers of the breached database containing over 129 million data records will also be able to access personal information of car owners based in Moscow. 

According to local Russian media agencies, the complete database contains details like names, addresses, contact numbers, dates of birth, and passport numbers of Russian car owners. Anyone willing to spend 1.5 BTC (£11,416) will enjoy exclusive access to the database that is not available in normal sales. Russian business journal Vedomosti revealed that the database of Russian car owners contained information obtained from the traffic police registry and the authenticity of the database was confirmed by an employee of a car-sharing company whose vehicle details were in the database. 

It is, therefore, most likely that the hacker stole the database from Moscow traffic police's IT systems.

Even though the Russian police may have implemented some security measures, it needs to ramp up both its cyber security and stop the collection of highly confidential information which is easily accessible through a mere ticket number.
This isn't the first time that a Russian government or law enforcement agency has suffered a massive security breach. 
In July last year, FSB, Russia's largest and most powerful intelligence agency that succeeded the KGB following the dissolution of the Soviet Union, suffered the largest data breach in its history when a hacker group stole 7.5 terabytes of data from one of its largest contractors.

The massive data theft was carried out by a hacker group known as Digital Revolution that claimed to possess vast amounts of data concerning several of the FSB's covert activities. 

This apparently included data scraping from social media platforms, unearthing identities of individuals who engaged in secret communications on Tor, and creating a closed Internet for Russia.These documents were stolen by the hacker group 0v1ru$  from the servers of SyTech, one of the FSB's largest contractors. According to reports, SyTech works mostly with FSB's 16th Directorate which is responsible for signals intelligence.

While many of the stolen documents have been posted to Twitter by Digital Revolution via a series of tweets and such data can be used to not only aid in the physical robbery of vehicles but also target the owners in the cyber-world using techniques like Spearphishing.

Vedmosti:     TEISS:        Bleeping Computer:      HackRead

You Might Also Read:

Taiwan's Entire Population Database Stolen:

Personal Data Of 115m Pakistanis For Sale:

 

« Honda Hit By Ransomware
Coronavirus Tracing Apps Conflict With Privacy »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

R3I Ventures - House of DeepTech

R3I Ventures - House of DeepTech

The House of DeepTech is an incubator for deeptech entrepreneurs that are transforming global industries. Areas of interest include cybersecurity.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Ethnos Cyber

Ethnos Cyber

Ethnos Cyber is Africa’s leading cybersecurity and compliance management company. We provide Information Security, Risk Management, Cybersecurity and Compliance Management solutions to clients.

Airbus Protect

Airbus Protect

Airbus Protect is an Airbus subsidiary bringing together the Company’s expertise in cybersecurity, safety and sustainability-related services.

itm8

itm8

itm8 is a Nordic digital transformation partner offering a wide range of services in IT operations and Cloud Services, Digital Transformation, Application Services, ERP, and Cyber Security.

iolite Secure

iolite Secure

iolite secures our nation’s infrastructure and critical assets through cyber threat detection, response, and mitigation.