Russian courier service CDEK data hacked and sold online, over 9 million customer data leaked
Due to the Coronavirus outbreak, we have seen the number of data leak and the breach is increasing day by day. Now hackers breached the servers of Russian courier service CDEK and leaked data for sale online. The data breach affects data of over 9 million users and is being sold for $950 (Rs 71,000 approx) online.
The stolen data by hackers contains information about the delivery and location of goods and information about buyers, including Tax Identification Numbers.
However, CDEK claims that there was none of the data leaked is from the CDEK database. A company representative said that personal data is collected by many companies, including state aggregators and the leak could have occurred on any of these resources.
Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies, said that this is the largest leak of personal data from Russian delivery services. He notes that the information of CDEK users is not leaked for the first time: previously, customers of the delivery service complained that personal data of other people are visible on the company’s website due to vulnerabilities.
Head of Security Department of SearchInform Alex Drozd warned that after leaks there are always calls from scammers. They call the victim and introduce themselves as company employees and try to find out information about billing information.
Shiny Hunters involved?
The CDEK hack attack seems to have all the signatures of the hacking group Shiny Hunters. Shiny Hunters have been making headlines for the past month by leaking data of nearly 73 million users of different websites they have been involved in the data breach of Tokopedia, Microsoft GitHub repository, Unacademy, ChatBooks, Bhinneka.com, etc. None of the security researchers have confirmed that the current CDEK data breach the handiwork of by Shiny Hunters. However, prima facie it seems to be the work of the same hacking group because like other data breaches, the CDEK was hacked and the hackers immediately put the database on sale.