Several cyber security experts struck gold when they uncovered a forum on the Dark Web selling a database containing more than a hundred million records of vehicles and owners’ information.
The alleged hacker definitely has some pretty interesting information for potential buyers in confirming the legitimacy of the datasets. Initial report says there are no immediate information on the car owners on the public dataset but the cars’ registration information and makes and models are readily available.
According to the experts, the leaked database being sold can be obtained at a measly US$4,000 (0.5 Bitcoins). With this amount, other hackers can feast on comprehensive information that includes complete names, home and office addresses, passports, date of birth, and several phone and mobile numbers of the car owners themselves.
There are also reports of an “exclusive access” being offered in the Dark Web for about US$15,000 (1.5 Bitcoins) which allegedly provides more extensive information on the car owners, including their tax figures and history. The information was confirmed to be accurate, checked and verified by an employee of a car-rental company who has seen their own users’ data on the leaked database.
The origins of these records are somehow being pointed to the city’s traffic police registry. According to the researchers and law enforcement investigation teams, the accuracy of the data tells them that it may have been stolen from the official registration records of the city. Moscow police’s data processing protocol when applying fines automatically requires them to get as much information on the person who made the violation. In the case of traffic violations, this means the driver, and the vehicle being driven. Which explains the inclusion of the passport and all other personal identifiable information on the drivers.
With such a large city like Moscow, whose population is close to 13 million, the fines can be in the thousands, making the overall loss almost limitless. In this month alone, specifically from May 10th, there’s a reported total of about 40,000 local law and traffic violations, give or take. That is 40,000 worth of individual information on cars and owners in less than 20 days.
Another notable reason for the sudden spike in the numbers is the fines being issued by Moscow police to those who are violating Covid-19 quarantine protocols.
This also prompts them to log all the personal details, including passport information of the offending individual.
One scenario that could possibly make the data breach possible is through the payment portals, according to the cyber security experts. People pay their fines on multiple payment portals which requires them to provide the unique reference number on the ticket, and their names and passport numbers. This, in turn, verifies the person’s information on a central database which will then reference their complete information. These payment portals do not have the appropriate protection against hackers and even brute-force attacks.
There’s been no conclusion on this investigation yet, but security experts are already warning people and car companies, including the police. The leaked information on the Dark Web can be used in a lot of different ways and there’s no telling when these threat actors may attack. It’s best to invest on a robust security system and network protection, which is most likely what the police will be doing in the next few days.