As many as 129 million data records of car owners in Moscow have been put up for sale by a hacker on a Dark Web forum for BTC 0.5 (approximately £3,800). A little over 80 data samples have also been made public as proof of the exploit.
While the samples made public by the hacker include vehicle details such as make and model, date of registration, and place of registration, buyers of the breached database containing over 129 million data records will also be able to access personal information of car owners based in Moscow.
According to local Russian media agencies, the complete database contains details like names, addresses, contact numbers, dates of birth, and passport numbers of Russian car owners. Anyone willing to spend 1.5 BTC (£11,416) will enjoy exclusive access to the database that is not available in normal sales.
Russian business daily Vedomosti revealed that the database of Russian car owners contained information obtained from the traffic police registry, and the authenticity of the database was confirmed by an employee of a car-sharing company whose vehicle details were in the database. It is, therefore, most likely that the hacker stole the database from Moscow traffic police’s IT systems.
This isn’t the first time that a Russian government or law enforcement agency has suffered a massive security breach. In July last year, the FSB, Russia’s largest and most powerful intelligence agency that succeeded the KGB following the dissolution of the Soviet Union, suffered the largest data breach in its history when a hacker group stole 7.5 terabytes of data from one of its largest contractors.
The massive data heist was carried out by a hacker group known as Digital Revolution that claimed to possess vast amounts of data concerning several of the FSB’s covert activities that included data scraping from social media platforms, unearthing identities of individuals who engaged in secret communications on Tor, and creating a closed Internet for Russia.
These documents were stolen by the hacker group 0v1ru$ (possibly a subsidiary of Digital Revolution) from the servers of SyTech, one of the FSB’s largest contractors. According to reports, SyTech works mostly with the FSB’s 16th Directorate, which is responsible for signals intelligence.
While many of the stolen documents were posted to Twitter by Digital Revolution via a series of tweets, the hacker conglomerate also shared a large number of documents obtained from SyTech with several journalists.