The data allegedly belonging to the 9 million customer service Express transportation SDEK, put up for sale online for 70 thousand. This is the biggest leak of personal data in the Russian delivery services, the interest of fraud which is associated with the growth of demand for their services amid the isolation of coronavirus, experts say. In the company insist that it leaks and data source could be another resource.Data of more than 9 million customers a courier service SDEK sold on the net for 70 thousand RUB., noticed a Telegram-channel In4security. The database contains information about the delivery and location of cargo and information about customers, including the VAT. In the screenshots that the seller sent to the author bases Telegram-channel, is the date 8 may 2020, which indicates the freshness of the base.made up the growing number of cyber attacks in Russia in the first quarter of 2020 for the fourth quarter of 2019 (assessment of Positive Technologies)In the most SDEK argue that data leakage from the company was not. Personal data is collected by many companies, including national aggregators, leakage could occur to any of these resources, and the company SDEK is not involved in this, said her representative. The company reminded that in recent years, cases of fraudulent sites acting on behalf of SDEK.This is the biggest leak of personal data of Russian delivery services, says the head of Department of Analytics and special projects CC InfoWatch Andrei Arsentiev. He noted that the information leaked SDEK is not the first time: previously the customers of the shipping service complained that due to vulnerabilities on the company website visible to other people’s personal information.These leaks are dangerous because increase the probability of success when using methods of social engineering, says Deputy Director Infosecurity a Softline Company, Igor Sergienko.After the major leaks is always followed by a flurry of calls from fraudsters who are represented by employees of the company and trying to find information about billing, warns the head of the security Department “of SearchInform” Alex Drozd, an unpleasant consequence can be and getting into database marketing, including cold calling.Scammers also, in terms of reliable information about the order number and composition of the goods will be more convincing, says partner and Director of the company “Intellectual reserve,” Paul meat-eaters. For example, the recipient may be forced to pay some “extra fees,” says the development Manager of DLP Solar Dozor direction of the company “Rostelecom-solar” Alexey Kubarev, noting that the leak of such a base to competitors, it can also be used for mass luring customers.Brand SDEK also exploit fake web sites, which from the beginning of 2020 appeared bole�� 450 indicates In4security. A large number of users of ad sites, such as Avito, have complained about phishing links that lead to resources that mimic the website of the company, as well as the active use of fake invoices its details, confirms founder and technical Director of DeviceLock Oganesyan. Attackers make fake ads on popular websites with products at attractive prices and send invoice data from a malicious website delivery, imitating the resources of SDEK or other well-known delivery service, says Andrei Arsentiev: the man pays for the goods, but in the end not getting the desired thing. In recent weeks, the rise of phishing sites: online cinema, online shopping, training courses, legal advice, government portals, adds head of information security, CROC Andrey Zaikin.Interest courier services can be linked with the surge in demand for their services, says Director General HFLabs Dmitry Zhuravlev. Criminals always follow the news agenda and trends, agrees senior virus expert “Kaspersky Lab” Denis Legato. In the domestic market demand is growing, confirmed by the President of the Association of Express carriers, Vladimir Sarkisov, zatrudnilisj to evaluate it in exact figures.Yulia Stepanova
