Hacker claims to sell 1.3 million Hyundai Russia customer records

This week a hacker put up records of 1.3 million Hyundai customers based in Russia for sale on a forum.

The records expose extensive customer information including vehicle information (such as VIN), email and contact information, address, date of birth, marital status, etc.

1.3 million records put up for sale on hacker forum

This week, a hacker claims to be selling data of 1.3 million Hyundai Russia customer records on a forum.

The finding was brought to my attention by threat intelligence analyst Bank Security.

As observed by Security Report, the sample data set shared by the user indicates multiple databases may be included as a part of the sale.

Forum post shares samples of data belonging to Russian Hyundai customers

Sample exposes customers’ vehicle and personal information

The sample data set posted by the seller shows vehicle information (such as VIN, car make/model, year, etc.) and links this information to the customer’s personal information via a numeric ID.

Sample JSON data exposes sensitive customer information linked to Hyundai vehicles

By researching some of the email addresses present in the leaked data sample, Security Report observed some of the leaked data in the sample represented Hyundai’s Russian dealerships (not necessarily customers), but the authenticity of the overall data could not be verified at this time.

Security Report reached out to Hyundai’s global media contacts for comment but we have not heard back.

Ax Sharma

Ax Sharma is a Security Researcher and Tech Reporter. His works and expert analyses have frequently been featured by leading media outlets including the BBC, Business Insider, Fortune, TechCrunch, TechRepublic, The Register, WIRED, among others. Ax's expertise lies in vulnerability research, malware analysis and reverse engineering, open source software and scams investigations. He's an active community member of British Association of Journalists (BAJ) and Canadian Association of Journalists (CAJ).