fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Sells The Data For Millions Of Moscow Drivers For $800

Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800.

According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019

Russian news publisher Kommersant called a small sample of the exposed individuals and confirmed that the stolen data is accurate, even if outdated in some cases.

Also Read: Data Anonymisation: Managing Personal Data Protection Risk

The database contains the following details on Moscow car owners:

  • Full names
  • Dates of birth
  • Phone numbers
  • VIN codes
  • License plate numbers
  • Car brand and model
  • Car year of registration

As a bonus to buys, the seller provides an additional file containing information collected in 2020, which stops when Russia moved from regional databases to a central storage system in the Federal Information System (FIS) of the State Traffic Safety Inspectorate.

The source of the data is not known

This matches the alleged source, which according to the database seller is an insider from the Moscow traffic police department.

The Moscow authorities have not commented on this scenario yet, and Russian analysts are divided on who is responsible for the breach.

Some experts believe the hackers exfiltrated the data by exploiting a vulnerability in the system’s software, while others are certain an insider caused the leak.

Also Read: Do Not Call Registry Penalty: Important Tips To Consider

Alexei Parfentiev, head of the analytics department at SerchInform, stated“The insider job looks more likely because the requirements of regulators on internal structures in the traffic police are less strict than those that concern protection from external attacks.”

An analyst at InfoWatch Group offers a different perspective, claiming that cyberattacks on car insurance companies are also a likely explanation, as all of the exposed details are found in these firms’ systems.

This is not the first or even the second time that hackers have leaked the data of millions of Moscow motorists on the dark web.

In August 2020, a similar albeit smaller (1 million records) pack was made available on hacking forums, selling for $1,500.

In May 2020, a threat actor offered another Russian car owners database for $2,800, or $14,000 if anyone paid extra for exclusive access to the data.

The most recent and more significant listing sells for less because it consists of mostly older data, and many of the details will be no longer valid and less usable by malicious actors.

However, this data can still be valuable to other threat actors as it allows them to conduct targeted phishing campaigns against the exposed individuals, leading to financial or credentials theft.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us