Renaissance Insurance has warned of a data leak from its renins[.]ru website, running on the CMS Bitrix. According to experts, the SQL dump is dated May 31, 2023, and contains 737,665 rows of user data, including full names, email addresses (633.2 thousand unique addresses), phones (315.4 thousand unique numbers), hashed passwords (MD5 with “salt”), and dates of registration and last login (from February 14, 2015 to May 31, 2023). The researchers randomly checked email addresses from the leak through a password recovery form and found that the data was valid.
In response to the incident, Renaissance Insurance released an official statement. The company confirmed that the site was subjected to a targeted attack by skilled hackers, who managed to compromise the login page for the personal account of the eOSAGO service. However, the company could not confirm the leakage of a significant amount of user data, and emphasized that hackers did not gain access to passwords, payment and passport data of customers. Other sections of the site and all the information in them have not been attacked and are safe.
