© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Russian passport details exposed by database leak

A leaking database thought to belong to the Russian airline Aeroflot left the details of more than a million people accessible to the public, putting them in danger of cybercrime, the Cybernews research team has discovered.

The team made the discovery during a routine investigation using open-source intelligence (OSINT) methods, coming across an Elasticsearch instance left open that contained more than a million passports – mostly of Russian nationality.

Weighing in at nearly 2GB, the data included names, surnames, birth dates, telephone numbers, nationalities, email and residential addresses, and passport expiration dates, and could have been easily downloaded by any member of the public. Cybernews reached out to Aeroflot and the database leak appears to have been plugged on April 25, although at the time of writing it has not responded to our inquiry.

“Extremely sensitive data was leaked that can be used to impersonate a person, even obtain credits from banks,” said a Cybernews spokesman. “What is more, the data leaked could also be used for market research, business intelligence purposes, or plainly sold to call-centers or scammers. Sometimes such data might be used to threaten people with a ransom.”

The leaking database instance was found to be hosted by Russian provider simplecloud.ru. The research team concluded that the dataset might belong to aeroflot.ru, due to correlation between the carrier’s website passenger sign-up form and data uncovered by the leak including extra miles and subscription levels.

More from Cybernews:

Free cleaning apps put millions at risk of hacking, says research

Be careful when you scan QR codes

Chinese 'cyber spies' Naikon are back, says report

Gray Chynoweth, Minim: “the beating heart of the home network is the Wi-Fi gateway, router or mesh system, and the software it operates”

No allies in the cyber world: how Chinese hackers collect intelligence on Russian government officials

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked