"News"Report that on Tuesday, February 12, 2020, two dumps with data from Sberbank users were found on the darknet at once: 20,000 and 100,000 lines.
Journalists of the publication checked the test fragment of the first base (10 entries) and verified the authenticity of the information. Moreover, the analysis showed that the information does not coincide with previously put up for sale, that is, a new leak. According to the seller, he is ready to unload 10,000 new records weekly and sell each line for 35 rubles. According to him, citizens from the base live in regions with a time zone of +5 UTC, that is, in the subjects of the Ural and Volga federal districts.
Each entry in the database contains the name of the banking unit, full name, account number, passport data, birth dates and phone numbers of users. Judging by the abbreviated name of the unit, customers received cards in the Republic of Bashkortostan. The passport series matches the region code number (OKATO).
To verify the authenticity of the data, the journalists checked their mobile phones through the Sberbank Online application, where when entering the number you can see the first name, middle name and first letter of the user's last name. Six out of ten entries matched, another three were not tied to the application, and in one case, the phone showed a different name. Up to four people managed to get through the indicated phone numbers: all of them confirmed their name and date of birth.
At the request of Izvestia, DeviceLock technical director Ashot Oganesyanon checked the data from the test fragment and assured that the new database was not part of the mass leak that the media wrote about last October: the new records have a different format and the data that can be verified (for example, phones) in the test fragments provided by sellers then and now do not match.
DeviceLock expert suggested that the data went on sale through an insider – a bank employee who has access to an information system or database server, from where he does the upload.
As mentioned above, Izvestia also discovered another announcement on the sale of data from Sberbank customers (100,000 lines). However, journalists have no evidence of the authenticity of this information: the seller does not provide a test fragment of the dump.
Representatives of Sberbank reportthat they have already checked and concluded that the data found by journalists has been sold on the black market for a long time and refers to 2015-2016.
“Every day, dozens of messages appear on the network with an offer to sell customer databases of various banks and companies. We check any such information, including the one referred to in the publication. There is data previously offered for sale in the shadow market and related to 2015-2016, ”the press service of the bank said.