Data 5 million students and staff online English school Skyeng for sale on the Internet for 40 thousand RUB, the company that leak is not confirmed. Experts suggest that the base could drain someone from retiring employees, and predict the growth of such cases due to staff turnover.5 million students of online English language schools Skyeng for sale on the Internet, found Telegram-channel In4security. Our database contains information about the users of the service from CIS countries, including telephone numbers, email addresses and Skype IDs. The data are sold for 40 thousand rubles, said the founder of DeviceLock and service intelligence leaks DLBI Oganesyan. Including database 270 thousand records on Russian users — teachers, students, and all employees of the company, he says. The correspondent of “Kommersant” called some of the customers whose data was in a free “sample” database, and confirmed the authenticity of the data.In Skyeng not confirmed the fact of leakage or hacking. There is no reason to believe that the specified in the message base has to Skyeng, said the managing partner of this platform Alexander Laryanovsky.Judging by the format provided by the seller of samples, database leaked as a result of open access to the MongoDB server about three months ago, says Oganesyan. Such situations are not uncommon in recent years, and lead to base, exhibited in the open access, are on sale or for free published on hacker forums, he points out.The nature of the database suggests that either was hacked online schools database claimed the employee assumes the lead analyst Infosecurity a Softline Company Alexander Vurasko. Database could make someone from the insiders to try to “merge” the cyber criminals or competitors, says the development Manager of DLP Solar Dozor direction of the company “Rostelecom-solar” Alexey Kubarev, predicting growth of malicious or accidental data leakage due to the increased turnover. Among the possible script leak he also calls an external attack on the server, which stores user data, or data from online rooms users through a phishing site similar to the site-the victim.Employees stealing data when uncertain about the future, their income fell and they got access to corporate information from home and can copy it quickly and uncontrollably, says the head of the Zecurion analytical center Vladimir Ulyanov.According to Zecurion, in normal conditions, less than half of employees intend to copy corporate data, but with the threat of dismissal or of reducing the proportion of such applicants is increasing almost doubled. It is likely that the database was stolen the resigning employee, believes Mr. Ulyanov, a reason these workers fall into a special control group withon the side of security.In Infosecurity a Softline Company during the pandemic recorded up to ten new leaks database with data of citizens, customers of the online stores, visitors etc. this week, the Internet has surfaced database of 5 million users presumably with the SuperJob website (the company has denied the leak), reported by “Kommersant”.The database can be used to spam and in this role will be of interest to competitors Skyeng, of which there are many, said Ashot Hovhannisyan. Competing services may use it for targeted advertising using online services, such as contextual or targeted advertising, agrees Vladimir Ulyanov. In addition, using social engineering techniques fraudsters can get information directly for money, he adds. Scammers can offer customers to pay a non-existent program and fake services, said Alexey Kubarev.Yulia Stepanova
