Hacked Vehicle Owner Database For Sale

A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum. The seller leaked some data for potential buyers to verify its accuracy. This is anonymised and contains all the car details present in the traffic police registry the vendor claims.

The web forum also pointed out that multiple portals where people can pay these fines are leaking their full names and passport numbers by simply inputting the unique registration number of the ticket.

While the samples made public by the hacker includes vehicle details such as make and model, date of registration and place of registration, buyers of the breached database containing over 129 million data records will also be able to access personal information of car owners based in Moscow. 

According to local Russian media agencies, the complete database contains details like names, addresses, contact numbers, dates of birth, and passport numbers of Russian car owners. Anyone willing to spend 1.5 BTC (£11,416) will enjoy exclusive access to the database that is not available in normal sales. Russian business journal Vedomosti revealed that the database of Russian car owners contained information obtained from the traffic police registry and the authenticity of the database was confirmed by an employee of a car-sharing company whose vehicle details were in the database. 

It is, therefore, most likely that the hacker stole the database from Moscow traffic police's IT systems.

Even though the Russian police may have implemented some security measures, it needs to ramp up both its cyber security and stop the collection of highly confidential information which is easily accessible through a mere ticket number.
This isn't the first time that a Russian government or law enforcement agency has suffered a massive security breach. 
In July last year, FSB, Russia's largest and most powerful intelligence agency that succeeded the KGB following the dissolution of the Soviet Union, suffered the largest data breach in its history when a hacker group stole 7.5 terabytes of data from one of its largest contractors.

The massive data theft was carried out by a hacker group known as Digital Revolution that claimed to possess vast amounts of data concerning several of the FSB's covert activities. 

This apparently included data scraping from social media platforms, unearthing identities of individuals who engaged in secret communications on Tor, and creating a closed Internet for Russia.These documents were stolen by the hacker group 0v1ru$  from the servers of SyTech, one of the FSB's largest contractors. According to reports, SyTech works mostly with FSB's 16th Directorate which is responsible for signals intelligence.

While many of the stolen documents have been posted to Twitter by Digital Revolution via a series of tweets and such data can be used to not only aid in the physical robbery of vehicles but also target the owners in the cyber-world using techniques like Spearphishing.

Vedmosti:     TEISS:        Bleeping Computer:      HackRead

You Might Also Read:

Taiwan's Entire Population Database Stolen:

Personal Data Of 115m Pakistanis For Sale:

 

« Honda Hit By Ransomware
Coronavirus Tracing Apps Conflict With Privacy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

Information Network Security Agency (INSA) - Ethiopia

Information Network Security Agency (INSA) - Ethiopia

INSA's vision is to realize a globally competent National Cyber capability which plays a key role in protecting the national interests of Ethiopia.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

Cyber Security & Cloud Expo

Cyber Security & Cloud Expo

The Cyber Security & Cloud Expo is an international event series in London, Amsterdam and Silicon Valley.

RiskXchange

RiskXchange

RiskXchange's cybersecurity risk rating solution helps businesses solve complex cybersecurity and compliance challenges by providing a 360-degree view of your cybersecurity posture.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

Alethea

Alethea

Alethea is a technology company helping companies, nonprofits, and democracies protect themselves from harms stemming from disinformation and social media manipulation.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

SENTRIQS

SENTRIQS

SENTRIQS advanced encryption technology is engineered to defend against the most sophisticated cyber threats, keeping your operations efficient and secure.

SeQure

SeQure

SeQure is a novel cybersecurity and data observability company that offers Fortune 100 and Governments a zero-trust service to continuously monitor large network environments.

ShieldHaus

ShieldHaus

Protect your business from evolving cyber threats with ShieldHaus. Our real-time, AI-powered security solutions block malicious IPs, phishing attempts, and harmful domains to safeguard your systems an