The data of clients of the anonymous verification service leaked to the Network

Science, technology and technology news

Moscow. July 20. INTERFAX.RU – A database of clients and transactions of the anonymous verification service sms-activate.ru has appeared on Telegram, writes Kommersant. The profile channel “Information Leaks” was the first to notice the leak.

The database contains names, e-mail addresses, IP addresses, partial numbers of payment cards and payment amounts, Kommersant was convinced. It contains about 163 thousand unique records, including about 50 thousand valid ones, Ashot Hovhannisyan, the founder of the DLBI data leak intelligence and monitoring service, told the publication.

The site on sms-activate.ru says that its daily audience reaches 17 thousand people a day, and about 1500 new users appear on the site every day. Service representatives did not respond to the publication's request for the contacts indicated on the website.

Such services actually provide mobile numbers for temporary use to customers, which allows, for example, to pass verification anonymously at Mail.ru, VKontakte, Avito, Telegram, Twitter, Yandex and other resources, the newspaper explains.

This service does not violate the law if the service enters into contracts with operators in the manner prescribed by law or negotiates with individuals and legal entities that have such contracts, Pavel Ikkert, managing partner of the Ikkert and Partners law firm, told the publication. Sources of “Kommersant” in telecom operators believe that such services use SIM cards, massively purchased for individuals or legal entities.

The cybercriminals could get the service base using fuzzing – software testing by enumerating parameters, in which deliberately incorrect data is automatically sent to the application and the program's reaction to them is analyzed to detect errors, the newspaper cites the opinion of experts from the channel “Draining from private channels”.

Ashot Hovhannisyan recalled that in June, on the open Elasticsearch server, “more than 1.5 million messages were discovered, presumably sent from number 900 with data on customer names, withdrawal or transfer amounts, bank card balances and their last four digits.”

Kirill Solodovnikov, general director of Infosecurity a Softline Company, believes that data from the database can be used by malefactors who deceive people on the phone, posing as employees of their bank. The database may also be of interest to marketers, he said.

Leave a Reply

3 + six =