Earlier this month, Whoosh confirmed it was the target of a cyber incident, but said that its IT team managed to stave off the attack. However, in a recent statement, the company said the incident led to a data leak, and that it is conducting an internal investigation. Russian law enforcement agencies are also looking into the matter. One of Russia’s leading public transport platforms, the company has more than 75,000 scooters that Russians use to get around 40 cities in the country. Whoosh said the leak does not contain any sensitive information, such as account details or transaction data. However, the listing appears to contain partial card details of 1.9 million customers.
Stolen Customer Data Posted on Hacking Forums
On Friday, Nov. 11, an unknown user posted a database on the “Breached” dark web hacking forums. In a Telegram listing of the same database, the seller claims the data was stolen in November 2022. In addition to the nearly 2 million partial credit card details, the database contains information such as email addresses, phone numbers, and first names belonging to 7.2 million Whoosh customers. Its contents also include 3 million promo codes, which anyone can use to rent the scooters for free. The seller added that they would sell the database to only five buyers at a price of 0.21490980 BTC ($4,200 approximately). As of now, it does not appear that anyone has bought the database.
What We Know About the Whoosh Data Breach
In a statement to RIA Novosti, Whoosh said the dark web listing concerns the same security incident that it revealed to the public earlier this month. At the time, Whoosh said its internal security service successfully prevented a data leak. However, the company changed its tone after reports about the dark web listing came to light. “The network writes about the data that we announced earlier: insensitive data of a part of our users,” Whoosh’s translated statement reads. While confirming the leak, the company still noted that sensitive financial data was not obtained by hackers. “The leak did not affect sensitive user data, such as account access, transaction information or travel details. Our security procedures also exclude the possibility of third parties gaining access to full payment data of bank cards of users,” it adds.
Data for Sale to the Highest Bidder
This year has seen a slew of hackers and cybercriminals putting troves of stolen data up for sale on the dark web. Just last month, Australian telecom giant Telstra experienced a data breach that saw the information of 30,000 employees wind up on a dark web forum. Earlier this month, ransomware gang “BlogXX” swiped sensitive data from Medibank customers, then gave the company a 24-hour deadline to pay a ransom, or they’d release the information on the dark web. After the health insurer refused to pay up, the group went through with its threat, even releasing the names and nature of healthcare visits of patients — such as addiction or eating disorders. The dark web, while useful for journalists, whistleblowers and other individuals seeking anonymity online, has become a hotbed for illegal activity and a one-stop shop for the sale or exposure of personal data. Web users interested in navigating the dark web will want to educate themselves on its dangers.