Threat actors offer for sale data for 50 millions of Moscow drivers

Threat actors are offering for sale a database containing 50 million records belonging to Moscow drivers on a hacking forum for $800.

Bad news for Russian drivers, threat actors are selling a database containing 50 million records belonging to Moscow drivers on a hacking forum for only $800. The threat actors claim to have obtained the data from an insider in the local police, they published a sample of database records containing model of the car, its registration and VIN number, date of registration, engine power, name of the owner, date of birth, and phone number. 

Stolen data spans from 2006 and 2019, local media outlets have confirmed their authenticity. Threat actors are also offering a file containing information from 2020 to those that will buy the database.

“The cybercriminals put up for sale for $ 800 a database of 50 million lines with the data of drivers that were registered in Moscow and the Moscow region from 2006 to 2019. As a bonus to the purchase, a file with information from 2020 is offered. The database contains names, dates of birth, phone numbers, VIN-codes and numbers of cars, their brands and models, as well as the year of registration. The seller himself claims that he received information from an insider in the traffic police.” reads the post published by the Kommersant website.

Alexei Parfentiev, head of the analytics department at SerchInform, confirmed this scenario:

“It looks more likely also because the requirements of regulators to such structures as the traffic police, in terms of protection against external attacks, are extremely strict,” he says.

However Kommersant speculates that the data was obtained by hacking into the level of regional information systems.

Andrey Arsentiev, head of analytics and special projects at InfoWatch Group, believes that the the data could have been obtained by external attackers, for example, by exploiting a vulnerability in the system software.

“Judging by the composition of the data, the new database of car owners is not an unloading from the traffic police system, but rather an unloading from the databases of insurers, the founder of the DLBI data leak intelligence and darknet monitoring service Ashot Hovhannisyan believes.” continues the post.

“This data could be stolen both directly from the insurance companies and from their contractors to whom the bases are transferred for “ringing”. says Ashot Hovhannisyan.

The availability of this data in the cybercrime underground poses serious risks to the exposed individuals, attackers can use the information to carry out several malicious activities.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Moscow drivers)

[adrotate banner=”5″]

[adrotate banner=”13″]