News

Hacker claims to sell 1.3 million Hyundai Russia customer records

This week a hacker put up records of 1.3 million Hyundai customers based in Russia for sale on a forum.

The records expose extensive customer information including vehicle information (such as VIN), email and contact information, address, date of birth, marital status, etc.

1.3 million records put up for sale on hacker forum

This week, a hacker claims to be selling data of 1.3 million Hyundai Russia customer records on a forum.

The finding was brought to my attention by threat intelligence analyst Bank Security.

As observed by Security Report, the sample data set shared by the user indicates multiple databases may be included as a part of the sale.

Forum post shares samples of data belonging to Russian Hyundai customers

Sample exposes customers’ vehicle and personal information

The sample data set posted by the seller shows vehicle information (such as VIN, car make/model, year, etc.) and links this information to the customer’s personal information via a numeric ID.

Sample JSON data exposes sensitive customer information linked to Hyundai vehicles

By researching some of the email addresses present in the leaked data sample, Security Report observed some of the leaked data in the sample represented Hyundai’s Russian dealerships (not necessarily customers), but the authenticity of the overall data could not be verified at this time.

Security Report reached out to Hyundai’s global media contacts for comment but we have not heard back.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

12 months ago

Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites

Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…

12 months ago

Albanian Parliament and telco ‘One Albania’ suffer cyber attacks

The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…

12 months ago

Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…

12 months ago

Theme park giant Parques Reunidos hit by a ransomware cyber attack

One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…

2 years ago

Phishing kit screenshots your email domain on the fly to appear real

Phishing kit used by multiple hacked sites generates a log in page on the fly…

2 years ago

This website uses cookies.