The personally identifiable information (PII) of millions of Moscow drivers has been posted for sale by an unknown hacker. After cybercriminals stole a database that stored around 50 million files containing driver information, they put it up for sale on a dark web forum. This type of activity is not unusual, but the asking price surprised cybercrime experts, as the data was offered for a mere $800.

Validating a cyberattack

According to sources within the Russian media who bought the stolen database, the information up for sale appears to be authentic. The data on drivers contained records that were collected during a period spanning 2006 to 2019.

Russian news entity Kommersant obtained a sample of the data containing exposed individuals’ information and confirmed the data stolen is accurate, however, in some instances, it has now become outdated.

The driver database contained a wide range of PII on Moscow-based car owners, including phone numbers, birth dates, full names and vehicle registration numbers. Records also included VIN codes, registration years and car makes and models.

As an added bonus to buyers, the seller of the stolen information is also offering an extra file that contains information gathered in 2020.

Attempts to identify the threat operator and affiliates

The source of the stolen data is, at present, still not known. According to the seller of the stolen database, they obtained the information via an inside source within Moscow’s dedicated department of traffic police.

Since reports of the incident and the stolen data becoming available to buy, there has been no comment from the authorities in Moscow. Russian cybersecurity analysts looking into the situation remain divided on who the individual behind the breach is.

Some specialists believe the operators exfiltrated the information by abusing a known weakness in the traffic system’s software. However, others are sure that the leak was made possible via an insider.

In a statement, analytics head for SerchInform, Alexei Parfentiev, commented on the data leaked by an inside source:

“The insider job looks more likely because the requirements of regulators on internal structures in the traffic police are less strict than those that concern protection from external attacks.”

Another analyst based at InfoWatch Group gave an alternative perspective. They claimed that cyberattacks aimed at car insurers are also a possible explanation. All of the details exposed in the recent theft can be found in typical files kept by car insurance companies.

The exposure of Moscow motorists’ data is not unprecedented, and neither is it being made available for purchase on hacker forums. In summer last year, a smaller driver database was stolen on the dark web, with a higher asking price of $1,500. The reason attributed to the low price tag of the most recent listing of stolen driver data is that the information may be largely out of date.

The more recent the data, the more valuable it tends to be for use in cybercriminal campaigns. However, the sale still offers plenty of PII that could be dangerous in the hands of a threat operator.

With the services offered by Galaxkey you can protect your enterprise’s data, and you can try it out with a free 14-day trial.