Hackers put up for sale the data of 9 million customers of the Russian delivery service CDEK. The database, which provides information about the location of parcels and the identity of the recipients, is sold for 70 thousand rubles. About it publication "Kommersant" with a link to the In4security Telegram channel.
Who exactly took possession of the personal data of millions of people is unknown. The screenshots of the database show the date May 8, 2020, which means that the stolen information is relevant and can be used by attackers to extort money from CDEK clients.
According to Andrei Arsentiev, head of the analytics department of the InfoWatch group of companies, this is the largest leak of customer data among Russian delivery services. According to him, CDEK clients have repeatedly complained about vulnerabilities on the service website, which made it possible to see the personal data of strangers.
According to Igor Sergienko, Deputy General Director of Infosecurity a Softline Company, the stolen data can be used by attackers for social engineering. In the near future, fraudsters may start calling CDEK customers and posing as company employees.
To create more trust, they can give order numbers, TINs and other data taken from a stolen database. Ultimately, they may ask the victims to pay "additional fees and charges." Competitors of CDEK may well use information to lure customers to their side.
The increased interest of hackers in delivery services is due to the fact that during quarantine people began to actively from online stores. According to DeviceLock founder Ashot Hovhannisyan, you can also run into scammers on the Avito ad service. The attackers began to actively create fake CDEK websites, promise people to send orders after payment, and hide along with the victims' money. Since the beginning of 2020, about 450 fake sites have appeared.
Representatives of SDEK deny data leakage from their website. According to them, the personal data of customers are processed by many intermediaries, including state aggregators. It is possible that hackers stole the database from third-party companies.
During the coronavirus pandemic, hackers are interested not only in delivery services, but also in video conferencing services. Recently, the Check Point Research Group that scammers began to spread viruses using clones of the official websites of Zoom, Google Meet and Microsoft Teams.
Source: 3dnews.ru