Russian passport details exposed by database leak
May 2022 by Cybernews research team
A leaking database thought to belong to the Russian airline Aeroflot left the details of more than a million people accessible to the public, putting them in danger of cybercrime, the Cybernews research team.
The team made the discovery during a routine investigation using open-source intelligence (OSINT) methods, coming across an Elasticsearch instance left open that contained more than a million passports – mostly of Russian nationality.
Weighing in at nearly 2GB, the data included names, surnames, birth dates, telephone numbers, nationalities, email and residential addresses, and passport expiration dates, and could have been easily downloaded by any member of the public. Cybernews reached out to Aeroflot and the database leak appears to have been plugged on April 25, although at the time of writing it has not responded to our inquiry.
“Extremely sensitive data was leaked that can be used to impersonate a person, even obtain credits from banks,” said a Cybernews spokesman. “What is more, the data leaked could also be used for market research, business intelligence purposes, or plainly sold to call-centers or scammers. Sometimes such data might be used to threaten people with a ransom.”
The leaking database instance was found to be hosted by Russian provider simplecloud.ru. The research team concluded that the dataset might belong to aeroflot.ru, due to correlation between the carrier’s website passenger sign-up form and data uncovered by the leak including extra miles and subscription levels.