Knowledge leaked: almost 50 major data leaks have occurred since the beginning of the year
The number of major leaks since the beginning of the year has already reached about 50, cybersecurity companies said, noting that this is a significant amount of data. The attackers had at least 21.5 million unique phone numbers and 17 million email addresses in their hands. Data from logistics companies and entertainment services is particularly vulnerable. This information is rapidly being bought up on the black market by the owners of penetration bots, trying to get one or another leak "exclusively". Whether it is possible to use bots that provide personal data is described in the Izvestia article.
How much data has been leaked
According to various estimates, from 37 to 46 leaks of Russians' data occurred in the first quarter of 2025, cybersecurity companies told Izvestia. According to the DLBI vulnerability and leak intelligence service, their total volume amounted to about 21.5 million unique phone numbers and 17 million email addresses.
The logistics companies segment is currently leading in terms of the number of leaks. Information and entertainment resources took the second and third places in the first quarter of 2025. At the beginning of last year, the leaders were financial organizations, whose major leaks affected 145 million phone numbers and 51 million e-mail addresses of their customers. In 2024, online shopping and marketing services suffered the most.
Anastasia Kisko, head of proactive monitoring of external digital threats at Jet Infosystems, said that the company has recorded 46 data leaks from various sources since the beginning of 2025. Online stores account for the largest percentage.
In January–March 2025, Roskomnadzor recorded 25 cases of personal data leaks, the agency told Izvestia.
From January to March 2025, analysts at the F6 cyber intelligence department recorded 67 new cases of publication of databases of Russian companies that appeared on underground forums and in thematic Telegram channels. But among this volume, there may be data from last year's leaks.
Retail and online stores account for more than 46% of all public leaks in 2025, the company told Izvestia. 13% are public sector leaks. In addition, IT companies, Internet services, telecom and educational portals are still at risk.
Dmitry Kiryushkin, head of BI.ZONE Brand Protection, added that since the beginning of the year, the attackers have made more than 1 thousand databases (new and earlier) publicly available. In addition, the company's specialists found more than 100 ads seeking to buy such databases with users' personal information.
An analysis of last year's leaks shows that a significant part of them began to appear on sale or publicly available with a great delay, noted DLBI founder Ashot Oganesyan.
"The main reason for the change in the situation on the black market of data was the high demand for new leaks from the owners of penetration bots," he said. "Since the end of last year, they have been buying up on exclusive terms almost all the data appearing on the black market to enrich the databases used in these bots. Today, darknet forums are full of 'buy new bases on exclusivity' ads, and the prices offered reach thousands or even tens of thousands of dollars."
How punching bots work
Punching bots are Telegram services that allow you to obtain other personal data (passport data, INN, access to public services) from one known parameter, for example, a phone number, recalled Igor Mandik, CEO of PRO32.
"Attackers use such data for various illegal activities, from mailing lists and fraudulent calls to obtaining loans and stealing funds," he explained. "The risks from their use are significant, and there is no reliable protection for ordinary users today. The responsibility for the security of personal data largely lies with the operators who process this information."
Cybercriminals collect this information, especially data posted for free, for their bots, F6 confirmed.
"We see individual services that buy up internal data and access to the infrastructure of companies," they said. "In addition, pro-Ukrainian hacktivists are interested in the data of Russian users and companies; they then use all the information they find, including in their Telegram bots for penetration."
In fact, such bots are data aggregators, added Lev Paley, Director of Information Security at Webmonitorex. They collect both information that is in leak databases and open data from various sites, compare and unify it.
"For example, the full name, phone number and e-mail were leaked from one organization, the same e-mail and delivery address were leaked from another," the expert explained. "Thus, these two leaks are combined into one. The only question is how extensive and unique a set of sources a particular bot uses. The popularity of penetration services increased significantly when they moved from the darknet and specialized resources and applications to Telegram and became available to any user for a small fee."
In November 2024, penalties for leaks and the use of personal data became tougher in Russia, Alexander Zabrovsky, an expert at Kaspersky Digital Footprint Intelligence digital threat monitoring, reminded Izvestia. As a result of these changes, the owner of the most popular punching bot, the Eye of God, stopped its work.
"After that, a lot of alternative bots and sites with similar functionality appeared, many of which operate outside of Russia," he said.
Databases do not disappear, but accumulate on the network, Dmitry Kiryushkin added. Such leaks may contain various information that is often difficult or impossible to change.
"There is a critical amount of such 'irremovable' data in the public domain. This allows attackers to find information about almost any person and use it in their schemes to increase the victim's trust," he added. "We recommend that you be attentive to calls and messages from unfamiliar numbers or email addresses. If you are informed of your personal data, this does not guarantee that you are communicating with a legitimate representative. The information could have been obtained from a leak."
How to secure your data
As a rule, hackers steal user databases for the purpose of resale, for example, to illegal call centers that engage in telephone fraud, or to "penetration services," according to Sergey Balyberdin, cybersecurity expert at Cyberspytanie JSC.
Such programs not only collect user data from different services, but can also be used by hackers for various frauds, Anastasia Kisko added. With their help, scammers can engage in blackmail and information theft.
Most often, people use bots for personal purposes to protect themselves, for example, to check a person they are going on a date with or renting an apartment to, Lev Paley noted. However, the same information can be used by detractors for blackmail or stalking, which even poses a direct threat to human life.
A large set of data about a person can help attackers gain a potential victim's trust, Alexander Zabrovsky said.
"This also allows scammers to create the illusion that they are acting on behalf of an employee of a company," he said. "In this case, it's not just the victim who suffers: a decent organization that attackers use as a cover may face reputational damage and loss of trust. Users of such bots also take risks: in most cases, information about requests is logged and can be used against their senders."
A person cannot protect himself from getting into the bot's database, experts noted. According to Lev Paley, even if the victim does not use social networks and does not have public accounts, his data may end up in databases of leaks from organizations.
"Therefore, it is up to companies to do everything possible to ensure that these databases are not replenished," he stressed. "In particular, many of the most high-profile leaks in recent years have been related to the exploitation of web vulnerabilities. By hacking into an online resource or API (the interface through which applications exchange data), hackers can easily gain access to the application's database, which contains information from customers' personal accounts. Therefore, special attention should be paid to protection against web threats."
It is important for businesses to build a process for secure storage and encryption of information, Sergey Balyberdin added. You can verify its security using different security formats.
In addition, experts warned that the use of such bots and their services is strictly prohibited. Anyone who does this can be held accountable. Such acts can be qualified under Article 137 of the Criminal Code of the Russian Federation ("Violation of privacy"). The first part of this article provides for punishment in the form of imprisonment for up to two years. If the crime is committed using official authority, the penalty will be up to four years.
Users can check whether their credentials have been leaked through special programs, for example, a Russian service from NCC or commercial solutions. It is important to change passwords regularly and not to use the same passwords for important accounts, personal or work mail, and government services, said Sergey Balyberdin.