Hacker claims to sell 1.3 million Hyundai Russia customer records

This week a hacker put up records of 1.3 million Hyundai customers based in Russia for sale on a forum.

The records expose extensive customer information including vehicle information (such as VIN), email and contact information, address, date of birth, marital status, etc.

1.3 million records put up for sale on hacker forum

This week, a hacker claims to be selling data of 1.3 million Hyundai Russia customer records on a forum.

The finding was brought to my attention by threat intelligence analyst Bank Security.

As observed by Security Report, the sample data set shared by the user indicates multiple databases may be included as a part of the sale.

Forum post shares samples of data belonging to Russian Hyundai customers

Sample exposes customers’ vehicle and personal information

The sample data set posted by the seller shows vehicle information (such as VIN, car make/model, year, etc.) and links this information to the customer’s personal information via a numeric ID.

Sample JSON data exposes sensitive customer information linked to Hyundai vehicles

By researching some of the email addresses present in the leaked data sample, Security Report observed some of the leaked data in the sample represented Hyundai’s Russian dealerships (not necessarily customers), but the authenticity of the overall data could not be verified at this time.

Security Report reached out to Hyundai’s global media contacts for comment but we have not heard back.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).