There was a large leak of customer data of the anonymous verification service – “Kommersant”

The data of customers and their transactions through the anonymous verification service sms-activate appeared in the public domain in Telegram. About it informs “Kommersant”.

The published database contains names, email addresses, IP addresses, as well as partial payment card numbers and payment amounts. ” The database contains about 163 thousand unique records, including about 50 thousand confirmed ones. The service itself claims that its daily audience reaches 17 thousand people.

The experts interviewed by the publication believe that the leaked data can be used by fraudsters who deceive people on the phone, posing as bank employees. Also, the database may be of interest to marketers.

Such services actually provide mobile numbers for temporary use to customers. This allows you to anonymously pass verification on Mail.ru, VKontakte, Avito, Telegram, Twitter, Yandex and other resources. This service does not violate the law if the service enters into contracts with operators in the prescribed manner or negotiates with individuals and legal entities that have such contracts.

As the publication specifies, the attackers could get the service base using fuzzing – testing software by enumerating parameters, in which deliberately incorrect data is automatically sent to the application and the program’s response to them is analyzed to detect errors.