Social media


User data leakage from Russian financial institutions

Author: LB 2020-05-15 386

According to a Russian news agency, significant amount of user data leaked out. These users were clients of small scale Russian loan institutions between 2017 and 2019. The seller posted first names, second names, passport numbers, phone numbers and various other personal information for sale on the Russian Internet.

The Russian gazeta.ru reported that a secret database was created to store data on customers applying for loans between 2017 and 2019.


User data was made accessible on a special website that was built for this purpose. According to the seller, he owned data from almost 12 million Russian citizens. Passport data, phone number, email address, e-wallet data and the amount of loan applied by these citizens were among the leaked data.


The seller said that he could obtain the data from a single source.


The data contains the URL of the site that was used to refer these financial services. And this referral was usually made from one of the most popular financial market place in Russia, Unicom24. The site collects micro-loan solution offers for Russian citizens and these can be used to finance real-estate or car purchases. The online platform can also compare these offers and determine the users credibility. For this purpose, the site asks for personal data.

When media correspondents inquired about the credibility of the leaked data, the director of the company acknowledged these facts.


"We have sent an official letter to the company and demanded for explanation. We told them that we would not like to cooperate in the future." -- said the correspondent from Unicom24.


According to the founder of DeviceLock, Oganecian Asot (Ашот Оганесян), client data was leaked from a server operated by the financial market place, however to find out which company was responsible for the leak is almost impossible.

In Russia, sensitive client data from customers of insurance companies often get stolen. At the end of last year this happened to Alfa Bank and AlfaStrakhovanie (АльфаСтрахование) clients as well. The seller gave access to free trial data, which contained contracts, client addresses, passport numbers, phone numbers and client names.


The Russian Alfa Bank acknowledged the data leakage and they initiated an inner investigation to clarify details, however according to the report, only 15 clients had their personal data leaked.


They also told the media correspondents, that hackers could not gain access to client accounts, therefore there was no concomitant financial loss.


At the same time, it was true that these Russian swindlers were able to call the clients after they had successfully obtained their phone numbers and pretending to be bank employees, in some cases they could extort CVV/CVC codes. With that using funds on these accounts was also possible.


In June, 2019 900.000 Russian clients of the largest Russian bank had their personal data leaked out. These information were made available to the public and they contained passport data, phone number, account balance and loan application limits. According to experts, this information was stolen by a hacker who cooperated with bank employees.


Photo by Martin Lopez from Pexels


You can support me using the following BTC address: 1D6qYk7mWQFE1K5tUgqimjiCLT66AHdyNX


Interesting entries


22.03.2021

What to mine if ethereum is not an option anymore?

13.03.2021

Cryptocurrency mining on GeForce GTX RTX 3060

11.03.2021

How can the price of the paid network token dropped from $2.8 to $0.3?

07.03.2021

How to extract transaction data from the bitcoin blockchain using bitcoin-cli?

06.03.2021

How I created my first ERC-20 token on the ethereum testnet?