Hacked Vehicle Owner Database For Sale

A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum. The seller leaked some data for potential buyers to verify its accuracy. This is anonymised and contains all the car details present in the traffic police registry the vendor claims.

The web forum also pointed out that multiple portals where people can pay these fines are leaking their full names and passport numbers by simply inputting the unique registration number of the ticket.

While the samples made public by the hacker includes vehicle details such as make and model, date of registration and place of registration, buyers of the breached database containing over 129 million data records will also be able to access personal information of car owners based in Moscow. 

According to local Russian media agencies, the complete database contains details like names, addresses, contact numbers, dates of birth, and passport numbers of Russian car owners. Anyone willing to spend 1.5 BTC (£11,416) will enjoy exclusive access to the database that is not available in normal sales. Russian business journal Vedomosti revealed that the database of Russian car owners contained information obtained from the traffic police registry and the authenticity of the database was confirmed by an employee of a car-sharing company whose vehicle details were in the database. 

It is, therefore, most likely that the hacker stole the database from Moscow traffic police's IT systems.

Even though the Russian police may have implemented some security measures, it needs to ramp up both its cyber security and stop the collection of highly confidential information which is easily accessible through a mere ticket number.
This isn't the first time that a Russian government or law enforcement agency has suffered a massive security breach. 
In July last year, FSB, Russia's largest and most powerful intelligence agency that succeeded the KGB following the dissolution of the Soviet Union, suffered the largest data breach in its history when a hacker group stole 7.5 terabytes of data from one of its largest contractors.

The massive data theft was carried out by a hacker group known as Digital Revolution that claimed to possess vast amounts of data concerning several of the FSB's covert activities. 

This apparently included data scraping from social media platforms, unearthing identities of individuals who engaged in secret communications on Tor, and creating a closed Internet for Russia.These documents were stolen by the hacker group 0v1ru$  from the servers of SyTech, one of the FSB's largest contractors. According to reports, SyTech works mostly with FSB's 16th Directorate which is responsible for signals intelligence.

While many of the stolen documents have been posted to Twitter by Digital Revolution via a series of tweets and such data can be used to not only aid in the physical robbery of vehicles but also target the owners in the cyber-world using techniques like Spearphishing.

Vedmosti:     TEISS:        Bleeping Computer:      HackRead

You Might Also Read:

Taiwan's Entire Population Database Stolen:

Personal Data Of 115m Pakistanis For Sale:

 

« Honda Hit By Ransomware
Coronavirus Tracing Apps Conflict With Privacy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

OutThink

OutThink

OutThink is a web-based platform (SaaS) that has been developed specifically to identify and reduce risky workforce behaviours and build a risk aware culture.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

3Elos

3Elos

3Elos operates in the Information Technology market with a focus on research, development, consulting, marketing and implementation of Information Security solutions.

Department of Justice - Office of Cybercrime (DOJ-OOC)

Department of Justice - Office of Cybercrime (DOJ-OOC)

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

Archer Technologies

Archer Technologies

Archer helps organizations manage risk in the digital era—uniting stakeholders, integrating technologies and transforming risk into reward.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.