The data of Russian Hyundai users is put up for sale
Data of 1.3 million registered users of the site hyundai.ru put up for sale on the shadow forum
/NOVOSTIVL/ The database of 1.3 million Russian owners of Hyundai cars is put up for sale on shadow forums. It contains, among other things, user addresses, information about cars and ordering spare parts. Hackers can use data to steal cars, and their owners should expect messages from spammers, cybersecurity experts warn.
Data of 1.3 million registered users of the site hyundai.ru put up for sale on the shadow forum, the Telegram channel "Information Leaks"reported. The database contains the full names, phone numbers and home addresses of users, as well as information about cars, ordering spare parts and participating in the brand's marketing activities.
It is sold for about $2 thousand and, judging by the widespread "probes", has no signs of compilation, and the seller himself has a high rating and has not previously been seen selling fake data, says Ashot Hovhannisyan, founder of the DLBI data leak intelligence service. The latest data on user transactions contained in the" probes " of the database relate to 2019, he notes.
The seller who put up the database has a good reputation, so the leak is similar to the real one, according to other information security experts interviewed by Kommersant. One of them claims that the seller of the base is a Russian living in Moscow. Hyundai declined to comment. The database is a "dump" of the SQL server that serves the site of the Russian office of Hyundai, so it is likely that the source of the leak was a vulnerability in this server found by an automatic scanner, or a backup copy of the data that the attackers accessed, Ashot Hovhannisyan believes. The seller has a lot of ads in which he offers databases of other companies in the same format, so most likely, the hacker massively scans vulnerable networks, "selects those that are more delicious" and exploits vulnerabilities, says KELA analyst Victoria Kivilevich.
The introduction of arbitrary SQL code in a web resource request is one of the most common types of attacks for hacking sites and programs that process and store data, adds Alexey Kubarev, head of the business development group of the Solar Dozor product center of Rostelecom-Solar. Probably user data hyundai.ru leaked as a result of just such an attack, he believes. But in general, there can be many options for sources of leakage: from external penetration due to the use of outdated software to the human factor, said Igor Sergienko, Deputy General Director of Infosecurity a Softline Company.
User Database hyundai.ru it is unique in that it contains quite detailed information about cars and their owners, says Alexey Kubarev. This can help attackers calculate the car for the purpose of theft, he warns, in addition, the information may be of interest, for example, to insurance companies, for which the possession of data is a valuable competitive advantage.
For users, the leak is not particularly dangerous, since the database does not contain their payment data, but it is possible that many Hyundai owners will receive advertising messages from other car brands in the near future, Ashot Hovhannisyan believes. Also, in his opinion, it is possible to use the database for phishing mailings.
It is not the first time that Hyundai has security problems, says Viktoria Kivilevich, pointing to the merged data of the company's employees ' accounts that were registered on corporate emails: in total, the company leaked about 130 such logins without passwords and about 200 with passwords, some of which are encrypted. According to her, this data appeared online in the collections of leaks in 2019, as well as in other cases.