The data of several million customers of “Beeline” posted

8

Данные нескольких миллионов клиентов «Билайна» выложили в сеть

Free discovered another database in the mobile operator “Beeline” with information about almost 9 million users connected to home Internet. Check “b” showed that data relevant. While the information in the database, according to experts, sufficient for attacks using social engineering techniques, and ways of dealing with scams of this kind are still there.

Sources “” in Bank for information security reported that appears in the open access database of clients of “Beeline” and shared a link to her download. Later, information about this appeared in the Telegram-channels. The database contains 8.7 million records with information about clients, connected via home Internet “Beeline” throughout Russia. The test showed that the data are relevant, the staff of “Kommersant”, which is connected or was connected to the Internet “Beeline”, found at the base of your full name, address, mobile and home phones. And was identified both active and closed contracts, since the database contains information as of November 2016.

In a press-service of “Beeline” said that he had investigated the incident. They noticed that at the moment the subscriber base of wired broadband access “Beeline” at least 3 million “This information is (caught in open access.— “B”) is a small part of the base in 2017. Data leakage, we recorded two years ago,— explained there. All the perpetrators were identified and punished, at the moment most of the information is already outdated data.” However, the security service of “Beeline” continues to investigate the incident, said the company.

The fact that many people from the database who find themselves in the public domain, are no longer clients of “Beeline”, not reducing their risks. According to the interlocutor of Kommersant, close to the Central Bank, presented information may be of value to fraudsters stealing the money of citizens through social engineering (misrepresentation due to the information available with the aim of further clarifying the customer data required for the theft of its funds, in particular the complete Bank card number, CVV code etc.). According to the head of management of information security of the Bank “Renaissance Credit” Dmitry Sturova, information from such databases can be compiled with other data, and therefore the appearance of such an array of information open access carries with it certain risks. “For example, there are scripts that allow you the phone number via the mobile banks to punch the card number”,— says Mr. Sturov.

“Such bases that do not have banking information, card numbers, contracts, history of operations, etc., actively marketed,— the chief of Department to combat fraud “infosistemy Dzhet” Alexey Sizov.— Those who professionally are engaged in the rung of Bank customers have already received access to them”. However, for those who are just beginning to learn the “craft” of social engineer, this crib may be useful, however, as for aggressive marketing, says the interlocutor of Kommersant in the Bank from the top 50. According to the head of ChronoPay Pavel Vrublevsky, the leakage of large amounts of data are hardly “random”. But whatever purposes pursued spread in the open access of such information leaks are a risk to the people whose data could fall into the wrong hands, experts believe.

While the solution to the problems of social engineering and the growing volume of data available to fraudsters, no. According to the business security consultant Cisco Systems Alexey Lukacova, now the only possible way of dealing with drain and dissemination databases — to identify and prosecute those who do it. “In my opinion, is not the way to punish those who have leaked information that the European version of the multi-million dollar fines for leaking data also doesn’t work,— specifies Mr. Lukatsky.— Another thing is that currently, neither the code of criminal procedure, neither the investigating authorities nor the courts are willing to consider such cases.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here