Dark Web News Analysis: 22.5 Million KazanExpress.ru Customer Records on Sale
A massive 4.98 GB database, allegedly from the Russian e-commerce platform KazanExpress.ru (part of Magnit Group), is being sold on a hacker forum. The breach contains over 22.5 million customer and order records and is exceptionally severe due to the inclusion of detailed physical access information for customer deliveries. This leak goes beyond typical PII, providing criminals with a roadmap to their victims’ front doors. The compromised data, formatted in CSV/SQL, reportedly includes:
- Customer PII: Full names, phone numbers, and email addresses.
- Detailed Delivery Information: Full physical addresses, including apartment numbers, building entrance numbers, and intercom codes.
- Order and Payment Data: Information on payment types and platform usage.
- Record Count: Over 22.5 million records.
Key Cybersecurity Insights
A data breach that includes specific instructions on how to physically access a person’s building is a catastrophic failure of data protection with dire consequences for personal safety.
- A Catastrophic Physical Security Risk: Intercom Codes and Apartment Numbers Leaked: This is the most critical and alarming aspect of the breach. Leaking a customer’s name and address is dangerous; leaking their specific apartment number, building entrance, and the code to get inside the building is a burglar’s dream. This data will be used by criminals to facilitate targeted home invasions, burglaries, and package theft on a massive scale, posing a direct and severe threat to the physical safety of millions of people.
- A Goldmine for Hyper-Realistic Delivery and Financial Scams: With full order and delivery details, criminals can launch extremely convincing phishing and smishing (SMS phishing) campaigns. They can send fake messages about a “delivery issue” or a “payment problem” that contain the victim’s real name, full address, and recent order information, making the scams almost impossible for an average person to distinguish from legitimate communications.
- Massive Scale of Breach Threatens a Large Portion of the E-Commerce Market: A database of 22.5 million records from a major e-commerce player impacts a significant portion of the online shopping population in the region. The sheer volume of this highly sensitive and actionable data guarantees it will be widely abused for years, fueling a long-term wave of both digital and physical crime.
Critical Mitigation Strategies
KazanExpress must launch an immediate and transparent response to this critical threat, and its customers must prioritize their physical and digital security.
- For KazanExpress: Immediately Activate Incident Response and Notify Authorities: The company must launch a full-scale investigation to determine the source of this catastrophic breach. Given the direct physical threat posed to millions of citizens, they have an urgent duty to notify national law enforcement agencies.
- For KazanExpress: Mandate Password Resets and Urgently Notify Customers: The company must force a password reset for all 22.5 million user accounts. It is absolutely critical that they provide prompt, transparent, and direct communication to all affected customers, explicitly warning them of the severe physical security risks from the leaked address data and the high likelihood of targeted fraud.
- For Affected Customers: Prioritize Your Physical Security and Be on Maximum Alert for Scams: This is the most important advice for victims. Customers must be aware that their home access details may be compromised. They need to be on maximum alert for targeted phishing and smishing scams. It is also crucial to change any reused passwords associated with their KazanExpress account to protect their digital identity.
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. For general inquiries or to report this post, please email us: contact@brinztech.com